CVE-2004-0124

Severity Score

2.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."

El interfaz RPC DCOM de Microsoft Windows NT 4.0, 2000, XP y Server 2003 permite a atacantes remotos causar comunicaciones de red mediante una llamada de "alterar contexto" conteniendo datos adicionales, también conocida como "Vulnerabilidad de Identidad de Objeto".

*Credits: N/A

CVSS Scores

NISTv2 2.6

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-02-03 CVE Reserved
2004-04-16 CVE Published
2024-05-01 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
http://secunia.com/advisories/11065	Third Party Advisory
http://www.ciac.org/ciac/bulletins/o-115.shtml	Government Resource
http://www.securityfocus.com/bid/10121	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA04-104A.html	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15711	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1041	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1062	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1066	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1072	Signature

URL	Date	SRC

URL	Date	SRC
http://www.kb.cert.org/vuls/id/212892	2018-10-12

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-012	2018-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Windows 2000 Search vendor "Microsoft" for product "Windows 2000"				*		-		Affected
Microsoft Search vendor "Microsoft"		Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"				r2 Search vendor "Microsoft" for product "Windows 2003 Server" and version "r2"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Nt Search vendor "Microsoft" for product "Windows Nt"				4.0 Search vendor "Microsoft" for product "Windows Nt" and version "4.0"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Nt Search vendor "Microsoft" for product "Windows Nt"				4.0 Search vendor "Microsoft" for product "Windows Nt" and version "4.0"		server		Affected
Microsoft Search vendor "Microsoft"		Windows Nt Search vendor "Microsoft" for product "Windows Nt"				4.0 Search vendor "Microsoft" for product "Windows Nt" and version "4.0"		terminal_server		Affected
Microsoft Search vendor "Microsoft"		Windows Nt Search vendor "Microsoft" for product "Windows Nt"				4.0 Search vendor "Microsoft" for product "Windows Nt" and version "4.0"		workstation		Affected
Microsoft Search vendor "Microsoft"		Windows Xp Search vendor "Microsoft" for product "Windows Xp"				*		gold		Affected