Lucene search
HistoryJan 19, 2005 - 5:00 a.m.
CVE-2004-1361
cve
2004
1361
integer underflow
winhlp32.exe
windows nt
windows 2000
windows xp
windows 2003
sp4
sp2
nvd
heap-based buffer overflow
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.9 High
AI Score
Confidence
High
0.056 Low
EPSS
Percentile
93.3%
Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
Affected configurations
Node
microsoftwindows_2000
ORmicrosoftwindows_2000sp1
ORmicrosoftwindows_2000sp2
ORmicrosoftwindows_2000sp3
ORmicrosoftwindows_2000sp4
ORmicrosoftwindows_2003_serverMatchenterprise64-bit
ORmicrosoftwindows_2003_serverMatchenterprisesp1_beta_1
ORmicrosoftwindows_2003_serverMatchenterprise_64-bit
ORmicrosoftwindows_2003_serverMatchr264-bit
ORmicrosoftwindows_2003_serverMatchr2datacenter_64-bit
ORmicrosoftwindows_2003_serverMatchr2sp1_beta_1
ORmicrosoftwindows_2003_serverMatchstandard64-bit
ORmicrosoftwindows_2003_serverMatchstandardsp1_beta_1
ORmicrosoftwindows_2003_serverMatchweb
ORmicrosoftwindows_2003_serverMatchwebsp1_beta_1
ORmicrosoftwindows_ntMatch4.0enterprise_server
ORmicrosoftwindows_ntMatch4.0server
ORmicrosoftwindows_ntMatch4.0terminal_server
ORmicrosoftwindows_ntMatch4.0workstation
ORmicrosoftwindows_ntMatch4.0sp1enterprise_server
ORmicrosoftwindows_ntMatch4.0sp1server
ORmicrosoftwindows_ntMatch4.0sp1terminal_server
ORmicrosoftwindows_ntMatch4.0sp1workstation
ORmicrosoftwindows_ntMatch4.0sp2enterprise_server
ORmicrosoftwindows_ntMatch4.0sp2server
ORmicrosoftwindows_ntMatch4.0sp2terminal_server
ORmicrosoftwindows_ntMatch4.0sp2workstation
ORmicrosoftwindows_ntMatch4.0sp3enterprise_server
ORmicrosoftwindows_ntMatch4.0sp3server
ORmicrosoftwindows_ntMatch4.0sp3terminal_server
ORmicrosoftwindows_ntMatch4.0sp3workstation
ORmicrosoftwindows_ntMatch4.0sp4enterprise_server
ORmicrosoftwindows_ntMatch4.0sp4server
ORmicrosoftwindows_ntMatch4.0sp4terminal_server
ORmicrosoftwindows_ntMatch4.0sp4workstation
ORmicrosoftwindows_ntMatch4.0sp5enterprise_server
ORmicrosoftwindows_ntMatch4.0sp5server
ORmicrosoftwindows_ntMatch4.0sp5terminal_server
ORmicrosoftwindows_ntMatch4.0sp5workstation
ORmicrosoftwindows_ntMatch4.0sp6enterprise_server
ORmicrosoftwindows_ntMatch4.0sp6server
ORmicrosoftwindows_ntMatch4.0sp6terminal_server
ORmicrosoftwindows_ntMatch4.0sp6workstation
ORmicrosoftwindows_ntMatch4.0sp6aenterprise_server
ORmicrosoftwindows_ntMatch4.0sp6aserver
ORmicrosoftwindows_ntMatch4.0sp6aterminal_server
ORmicrosoftwindows_ntMatch4.0sp6aworkstation
ORmicrosoftwindows_xp64-bit
ORmicrosoftwindows_xphome
ORmicrosoftwindows_xpmedia_center
ORmicrosoftwindows_xpgoldprofessional
ORmicrosoftwindows_xpsp164-bit
ORmicrosoftwindows_xpsp1home
ORmicrosoftwindows_xpsp1media_center
ORmicrosoftwindows_xpsp2home
ORmicrosoftwindows_xpsp2media_center
Related
cvelist
cvelist
CVE-2004-1361
2005-01-19 05:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Winhlp32 Compressed Phrase Integer Overflow (CVE-2004-1361)
2010-04-21 00:00:00
nvd
nvd
CVE-2004-1361
2004-12-23 05:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.9 High
AI Score
Confidence
High
0.056 Low
EPSS
Percentile
93.3%
Related for CVE-2004-1361