CVSS: 10.0EPSS: 94%CPEs: 37EXPL: 0CVE-2005-0050
https://notcve.org/view.php?id=CVE-2005-0050
The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability." • http://www.kb.cert.org/vuls/id/130433 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/19101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2568 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3582 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A47 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 97%CPEs: 37EXPL: 2CVE-2004-1080 – Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045)
https://notcve.org/view.php?id=CVE-2004-1080
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." El servicio WINS (wins.exe) de Microsoft Windows NT Server 4.0, Windows 2000 Server y Windows Server 2003 permite a atacantes remotos escribir localizaciones de memoria arbitrarias y posiblemente ejecutar código arbitrario mediante un puntero de memoria modificado en un paquete de replicación WINS al puerto TCP 42. • https://www.exploit-db.com/exploits/909 https://www.exploit-db.com/exploits/16359 http://marc.info/?l=bugtraq&m=110150370506704&w=2 http://secunia.com/advisories/13328 http://securitytracker.com/id?1012516 http://support.microsoft.com/kb/890710 http://www.ciac.org/ciac/bulletins/p-054.shtml http://www.immunitysec.com/downloads/instantanea.pdf http://www.kb.cert.org/vuls/id/145134 http://www.osvdb.org/12378 http://www.securityfocus.com/bid/11763 http:// •
CVSS: 7.5EPSS: 56%CPEs: 7EXPL: 0CVE-2004-0892
https://notcve.org/view.php?id=CVE-2004-0892
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. • http://www.securityfocus.com/bid/11605 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-039 https://exchange.xforce.ibmcloud.com/vulnerabilities/17906 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4264 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4859 •
CVSS: 10.0EPSS: 89%CPEs: 4EXPL: 0CVE-2004-0840
https://notcve.org/view.php?id=CVE-2004-0840
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. El componente SMTP (Simple Mail Transfer Protocol) de Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, y el componente Exchange Routing Engine de Exchange Server 2003 permite a atacantes remotos ejecutar código arbitrario mediante una respuesta DNS maliciosa conteniendo valores de longitud que no son validados adecuadamente. • http://www.kb.cert.org/vuls/id/394792 http://www.securityfocus.com/bid/11374 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-035 https://exchange.xforce.ibmcloud.com/vulnerabilities/17621 https://exchange.xforce.ibmcloud.com/vulnerabilities/17660 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3460 https://oval.cisecurity.org/repository/search/ • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 95%CPEs: 5EXPL: 1CVE-2004-0574 – Microsoft Windows NNTP Service (XPAT) - Denial of Service (MS04-036)
https://notcve.org/view.php?id=CVE-2004-0574
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. El componente de Protocolo de Transferencia de Noticias de Red (NNTP) de Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, y Exchange Server 2003 permite a atacantes remtos ejecutar código de su elección mediante patrones XPAT, posiblemente relacionado con una validación de longitud inadecuada o un "búfer sin comprobar", conduciendo a desbordamientos de búfer basados en la pila y error de fuera por uno. • https://www.exploit-db.com/exploits/578 http://marc.info/?l=bugtraq&m=109761632831563&w=2 http://www.ciac.org/ciac/bulletins/p-012.shtml http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10 http://www.kb.cert.org/vuls/id/203126 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036 https://exchange.xforce.ibmcloud.com/vulnerabilities/17641 https://exchange.xforce.ibmcloud.com/vulnerabilities/17661 https://oval.cisecurity.org/repository/s • CWE-787: Out-of-bounds Write •