CVE-2004-0840

2004-11-0305:00:00

CWE-20

mitre

web.nvd.nist.gov

smtp

microsoft

windows

exchange server

cve-2004-0840

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.891

Percentile

98.7%

JSON

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

Affected configurations

Nvd

Node

microsoftexchange_serverMatch2003-

Node

microsoftwindows_server_2003Match-x64

microsoftwindows_server_2003Matchr2

microsoftwindows_xpx64

VendorProductVersionCPE
microsoftexchange_server2003cpe:2.3:a:microsoft:exchange_server:2003:-:*:*:*:*:*:*
microsoftwindows_server_2003-cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
microsoftwindows_server_2003r2cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:x64:*

Vendor	Product	Version	CPE
microsoft	exchange_server	2003	cpe:2.3:a:microsoft:exchange_server:2003:-::::::
microsoft	windows_server_2003	-	cpe:2.3:o:microsoft:windows_server_2003:-::::::x64:
microsoft	windows_server_2003	r2	cpe:2.3:o:microsoft:windows_server_2003:r2:::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp:::::::x64:*