CVE-2004-0840

CWE-20 — Improper Input Validation3 documents3 sources

Severity

10.0CRITICAL

EPSS

36.7%

top 2.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server Microsoft Windows Server 2003

Timeline

PublishedNov 3

Latest updateApr 29

Description

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/exchange_server2003

▶NVDmicrosoft/windowsr2

Patches

Patch: www.kb.cert.org ↗Patch: docs.microsoft.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-6xx6-74w2-pvf3: The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, an↗2022-04-29

▶

CVEList

CVE-2004-0840: The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, an↗2004-10-16

▶