Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0728Microsoft Systems Management Server vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
37.8%
top 2.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Systems Management Server
Timeline
PublishedJul 27
Latest updateApr 29

Description

The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/systems_management_server1.2, 2.0, 2.50.2726+2

🔴Vulnerability Details

2
GHSA
GHSA-cm42-569j-qx8w: The Remote Control Client service in Microsoft's Systems Management Server (SMS) 22022-04-29
CVEList
CVE-2004-0728: The Remote Control Client service in Microsoft's Systems Management Server (SMS) 22004-07-23

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows SMS 2.0 - Denial of Service2004-07-24
CVE-2004-0728 — Microsoft vulnerability | cvebase