CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.6%
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
Vendor | Product | Version | CPE |
---|---|---|---|
avaya | ip600_media_servers | * | cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:* |
microsoft | ie | 6.0 | cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:* |
avaya | definity_one_media_server | * | cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:* |
avaya | s8100 | * | cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:* |
avaya | modular_messaging_message_storage_server | s3400 | cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* |
marc.info/?l=bugtraq&m=108981273009250&w=2
marc.info/?l=bugtraq&m=108981403025596&w=2
secunia.com/advisories/12060
www.kb.cert.org/vuls/id/228028
www.ngssoftware.com/advisories/mstaskjob.txt
www.us-cert.gov/cas/techalerts/TA04-196A.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022
exchange.xforce.ibmcloud.com/vulnerabilities/16591
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428