Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0574

CWE-787Out-of-bounds Write4 documents4 sources
Severity
10.0CRITICAL
EPSS
85.4%
top 0.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft Exchange ServerMicrosoft Windows NTMicrosoft Windows Server 2003
Timeline
PublishedNov 3
Latest updateApr 29

Description

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

NVDmicrosoft/exchange_server2000, 2003+1

Patches

Patch: www.kb.cert.orgPatch: docs.microsoft.comPatch: www.kb.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-2jpv-5fxc-x33v: The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 42022-04-29
CVEList
CVE-2004-0574: The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 42004-10-16

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows NNTP Service (XPAT) - Denial of Service (MS04-036)2004-10-16
CVE-2004-0574 (CRITICAL CVSS 10) | The Network News Transfer Protocol | cvebase.io