Details of VAR-200408-0134

ID

VAR-200408-0134

CVE

CVE-2004-0205

TITLE

Microsoft Windows contains a buffer overflow in the POSIX subsystem

Trust: 0.8

sources: CERT/CC: VU#647436

DESCRIPTION

Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. A buffer overflow vulnerability exists in the Portable Operating System Interface for UNIX (POSIX) subsystem for Windows NT 4.0 and Windows 2000. This vulnerability may be exploited by a local authenticated user to gain full system privileges. The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges. Microsoft Windows contains a remote code execution vulnerability in the way that the Windows Shell launches applications. An remote attacker could exploit this vulnerability to execute arbitrary code if they could trick a user into visiting a malicious website. Microsoft IIS 4.0 is reported prone to a buffer overflow vulnerability when handling redirects. This could lead to complete compromise of an affected computer. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA04-196A Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express Original release date: July 14, 2004 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows Systems Overview Microsoft has released a Security Bulletin Summary for July, 2004. This summary includes several bulletins that address vulnerabilities in various Windows applications and components. Details of the vulnerabilities and their impacts are provided below. I. Description The table below provides a reference between Microsoft's Security Bulletins and the related US-CERT Vulnerability Notes. More information related to the vulnerabilities is available in these documents. The attacker would have to convince a victim to view an HTML document (web page, HTML email) or click on a crafted URI link. Exploitation of VU#869640 can lead to a denial-of-service condition against Outlook Express. III. Solution Apply a patch Microsoft has provided the patches for these vulnerabilities in the Security Bulletins and on Windows Update. Do not follow unsolicited links It is generally a good practice not to click on unsolicited URLs received in email, instant messages, web forums, or Internet relay chat (IRC) channels. However, this practice does not always prevent exploitation of these types vulnerabilities. For example, a trusted web site could be compromised and modified to deliver exploit script to unsuspecting clients. Maintain updated anti-virus software Anti-virus software with updated virus definitions may identify and prevent some exploit attempts, but variations of exploits or attack vectors may not be detected. Do not rely solely on anti-virus software to defend against these vulnerabilities. More information about viruses and anti-virus vendors is available on the US-CERT Computer Virus Resources page. Appendix A. Vendor Information Specific information about these issue are available in the Security Bulletin Summary for July, 2004 and the US-CERT Vulnerability Notes. Appendix B. References * Microsoft's Security Bulletin Summary for July, 2004 - <http://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx> * US-CERT Vulnerability Note VU#106324 - <http://www.kb.cert.org/vuls/id/106324> * US-CERT Vulnerability Note VU#187196 - <http://www.kb.cert.org/vuls/id/187196> * US-CERT Vulnerability Note VU#920060 - <http://www.kb.cert.org/vuls/id/920060> * US-CERT Vulnerability Note VU#228028 - <http://www.kb.cert.org/vuls/id/228028> * US-CERT Vulnerability Note VU#717748 - <http://www.kb.cert.org/vuls/id/717748> * US-CERT Vulnerability Note VU#647436 - <http://www.kb.cert.org/vuls/id/647436> * US-CERT Vulnerability Note VU#868580 - <http://www.kb.cert.org/vuls/id/868580> * US-CERT Vulnerability Note VU#869640 - <http://www.kb.cert.org/vuls/id/869640> * Increase Your Browsing and E-Mail Safety - <http://www.microsoft.com/security/incident/settings.mspx> * Working with Internet Explorer 6 Security Settings - <http://www.microsoft.com/windows/ie/using/howto/security/settings .mspx> _________________________________________________________________ This alert was created by Jason A. Rafail. Feedback can be directed to the Vulnerability Note authors: Jason A. Rafail, Jeff P. Lanza, Chad R. Dougherty, Damon G. Morda, and Art Manion. _________________________________________________________________ This document is available from: <http://www.us-cert.gov/cas/techalerts/TA04-196A.html> _________________________________________________________________ Copyright 2004 Carnegie Mellon University. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History July 14, 2004: Initial release Last updated July 14, 2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFA9ZD4XlvNRxAkFWARApJoAJ9kLfHwh9rjM39LkWpRYYkPDngD+QCcDj6Q P8VLUzmOQoMFj+903rIsKHU= =4I7x -----END PGP SIGNATURE-----

Trust: 7.74

sources: NVD: CVE-2004-0205 // CERT/CC: VU#647436 // CERT/CC: VU#187196 // CERT/CC: VU#869640 // CERT/CC: VU#868580 // CERT/CC: VU#106324 // CERT/CC: VU#228028 // CERT/CC: VU#717748 // CERT/CC: VU#920060 // JVNDB: JVNDB-2004-000276 // BID: 10706 // PACKETSTORM: 33782

AFFECTED PRODUCTS

vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 6.4
vendor:	avaya	model:	modular messaging message storage server	scope:	eq	version:	s3400	Trust: 1.6
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 1.1
vendor:	avaya	model:	definity one media server	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	avaya	model:	s8100	scope:	eq	version:	*	Trust: 1.0
vendor:	avaya	model:	ip600 media servers	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	windows nt	scope:	eq	version:	4.0 (server)	Trust: 0.8
vendor:	microsoft	model:	windows nt	scope:	eq	version:	4.0 (workstation)	Trust: 0.8
vendor:	avaya	model:	s8100	scope:	-	version:	-	Trust: 0.6
vendor:	avaya	model:	definity one media server	scope:	-	version:	-	Trust: 0.6
vendor:	microsoft	model:	iis alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	s8100 media servers	scope:	eq	version:	0	Trust: 0.3
vendor:	avaya	model:	s3400 message application server	scope:	eq	version:	0	Trust: 0.3
vendor:	avaya	model:	ip600 media servers	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	definityone media servers	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#647436 // CERT/CC: VU#187196 // CERT/CC: VU#869640 // CERT/CC: VU#868580 // CERT/CC: VU#106324 // CERT/CC: VU#228028 // CERT/CC: VU#717748 // CERT/CC: VU#920060 // BID: 10706 // JVNDB: JVNDB-2004-000276 // CNNVD: CNNVD-200408-067 // NVD: CVE-2004-0205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0205
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#647436
value:	14.06
Trust: 0.8
CARNEGIE MELLON:	VU#187196
value:	25.52
Trust: 0.8
CARNEGIE MELLON:	VU#869640
value:	7.48
Trust: 0.8
CARNEGIE MELLON:	VU#868580
value:	21.26
Trust: 0.8
CARNEGIE MELLON:	VU#106324
value:	26.65
Trust: 0.8
CARNEGIE MELLON:	VU#228028
value:	46.58
Trust: 0.8
CARNEGIE MELLON:	VU#717748
value:	10.13
Trust: 0.8
CARNEGIE MELLON:	VU#920060
value:	30.38
Trust: 0.8
NVD:	CVE-2004-0205
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200408-067
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2004-0205
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: CERT/CC: VU#647436 // CERT/CC: VU#187196 // CERT/CC: VU#869640 // CERT/CC: VU#868580 // CERT/CC: VU#106324 // CERT/CC: VU#228028 // CERT/CC: VU#717748 // CERT/CC: VU#920060 // JVNDB: JVNDB-2004-000276 // CNNVD: CNNVD-200408-067 // NVD: CVE-2004-0205

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0205

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200408-067

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 10706 // CNNVD: CNNVD-200408-067

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000276

PATCH

title:	MS04-021	url:	http://www.microsoft.com/technet/security/bulletin/MS04-021.mspx	Trust: 0.8
title:	MS04-021	url:	http://www.microsoft.com/japan/technet/security/bulletin/MS04-021.mspx	Trust: 0.8

sources: JVNDB: JVNDB-2004-000276

EXTERNAL IDS

db:	CERT/CC	id:	VU#717748	Trust: 3.6
db:	SECUNIA	id:	12061	Trust: 3.2
db:	USCERT	id:	TA04-196A	Trust: 2.8
db:	NVD	id:	CVE-2004-0205	Trust: 2.8
db:	BID	id:	10706	Trust: 2.7
db:	SECTRACK	id:	1010692	Trust: 1.6
db:	OSVDB	id:	7799	Trust: 1.6
db:	XF	id:	16578	Trust: 1.4
db:	CERT/CC	id:	VU#647436	Trust: 0.9
db:	CERT/CC	id:	VU#187196	Trust: 0.9
db:	CERT/CC	id:	VU#869640	Trust: 0.9
db:	CERT/CC	id:	VU#868580	Trust: 0.9
db:	CERT/CC	id:	VU#106324	Trust: 0.9
db:	CERT/CC	id:	VU#228028	Trust: 0.9
db:	CERT/CC	id:	VU#920060	Trust: 0.9
db:	SECUNIA	id:	12059	Trust: 0.8
db:	SECTRACK	id:	1010690	Trust: 0.8
db:	JVNDB	id:	JVNDB-2004-000276	Trust: 0.8
db:	MS	id:	MS04-021	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:2204	Trust: 0.6
db:	CIAC	id:	O-179	Trust: 0.6
db:	CERT/CC	id:	TA04-196A	Trust: 0.6
db:	CNNVD	id:	CNNVD-200408-067	Trust: 0.6
db:	PACKETSTORM	id:	33782	Trust: 0.1

sources: CERT/CC: VU#647436 // CERT/CC: VU#187196 // CERT/CC: VU#869640 // CERT/CC: VU#868580 // CERT/CC: VU#106324 // CERT/CC: VU#228028 // CERT/CC: VU#717748 // CERT/CC: VU#920060 // BID: 10706 // JVNDB: JVNDB-2004-000276 // PACKETSTORM: 33782 // CNNVD: CNNVD-200408-067 // NVD: CVE-2004-0205

REFERENCES

url:	about vulnerability notes	Trust: 4.0
url:	contact us about this vulnerability	Trust: 4.0
url:	provide a vendor statement	Trust: 4.0
url:	http://www.us-cert.gov/cas/techalerts/ta04-196a.html	Trust: 2.7
url:	http://www.kb.cert.org/vuls/id/717748	Trust: 2.7
url:	http://www.ciac.org/ciac/bulletins/o-179.shtml	Trust: 2.4
url:	http://www.securityfocus.com/bid/10706	Trust: 2.4
url:	http://secunia.com/advisories/12061/	Trust: 1.6
url:	http://www.securitytracker.com/alerts/2004/jul/1010692.html	Trust: 1.6
url:	http://www.osvdb.org/7799	Trust: 1.6
url:	http://secunia.com/advisories/12061	Trust: 1.6
url:	http://xforce.iss.net/xforce/xfdb/16578	Trust: 1.4
url:	http://www.microsoft.com/technet/security/bulletin/ms04-021.mspx	Trust: 1.1
url:	http://www.microsoft.com/windowsserver2003/iis/default.mspx	Trust: 1.1
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-021	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16578	Trust: 1.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2204	Trust: 1.0
url:	http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx	Trust: 0.8
url:	http://www.microsoft.com/technet/prodtechnol/windows2000serv/evaluate/featfunc/taskschd.mspx	Trust: 0.8
url:	http://www.securiteam.com/windowsntfocus/5up0b15dgk.html	Trust: 0.8
url:	http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx	Trust: 0.8
url:	http://secunia.com/advisories/12059/	Trust: 0.8
url:	http://www.securitytracker.com/alerts/2004/jul/1010690.html	Trust: 0.8
url:	http://www.securiteam.com/windowsntfocus/5tp0a15dgq.html	Trust: 0.8
url:	http://msdn.microsoft.com/library/default.asp?url=/library/en-us/htmlhelp/html/vsconhh1start.asp	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0205	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20040714-ms04-021.html	Trust: 0.8
url:	http://www.jpcert.or.jp/wr/2004/wr042801.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnta04-196a/	Trust: 0.8
url:	http://jvn.jp/tr/trta04-196a/	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0205	Trust: 0.8
url:	http://www.cyberpolice.go.jp/important/2004/20040714_073145.html	Trust: 0.8
url:	http://www.cyberpolice.go.jp/important/2004/20040714_073713.html	Trust: 0.8
url:	http://www.cyberpolice.go.jp/important/2004/20040714_073844.html	Trust: 0.8
url:	http://www.cyberpolice.go.jp/important/2004/20040720_130359.html	Trust: 0.8
url:	http://www.microsoft.com/technet/security/bulletin/ms04-021.asp	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2204	Trust: 0.6
url:	http://support.microsoft.com/default.aspx?scid=kb;en-us;873401	Trust: 0.3
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/iis4cl.asp	Trust: 0.3
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-018.asp	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/920060>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/106324>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0205	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0213	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2003-1041	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0212	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/717748>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/869640>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0215	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/868580>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0201	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/647436>	Trust: 0.1
url:	http://www.microsoft.com/windows/ie/using/howto/security/settings	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta04-196a.html>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0210	Trust: 0.1
url:	http://www.microsoft.com/security/incident/settings.mspx>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/187196>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/228028>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0420	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1
url:	http://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx>	Trust: 0.1

sources: CERT/CC: VU#647436 // CERT/CC: VU#187196 // CERT/CC: VU#869640 // CERT/CC: VU#868580 // CERT/CC: VU#106324 // CERT/CC: VU#228028 // CERT/CC: VU#717748 // CERT/CC: VU#920060 // BID: 10706 // JVNDB: JVNDB-2004-000276 // PACKETSTORM: 33782 // CNNVD: CNNVD-200408-067 // NVD: CVE-2004-0205

CREDITS

Microsoft Security Team※ secure@microsoft.com

Trust: 0.6

sources: CNNVD: CNNVD-200408-067

SOURCES

db:	CERT/CC	id:	VU#647436
db:	CERT/CC	id:	VU#187196
db:	CERT/CC	id:	VU#869640
db:	CERT/CC	id:	VU#868580
db:	CERT/CC	id:	VU#106324
db:	CERT/CC	id:	VU#228028
db:	CERT/CC	id:	VU#717748
db:	CERT/CC	id:	VU#920060
db:	BID	id:	10706
db:	JVNDB	id:	JVNDB-2004-000276
db:	PACKETSTORM	id:	33782
db:	CNNVD	id:	CNNVD-200408-067
db:	NVD	id:	CVE-2004-0205

LAST UPDATE DATE

2024-08-14T12:07:14.844000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#647436	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#187196	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#869640	date:	2004-07-23T00:00:00
db:	CERT/CC	id:	VU#868580	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#106324	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#228028	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#717748	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#920060	date:	2004-07-14T00:00:00
db:	BID	id:	10706	date:	2009-07-12T06:16:00
db:	JVNDB	id:	JVNDB-2004-000276	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200408-067	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0205	date:	2018-10-12T21:34:13.043

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#647436	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#187196	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#869640	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#868580	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#106324	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#228028	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#717748	date:	2004-07-14T00:00:00
db:	CERT/CC	id:	VU#920060	date:	2004-07-14T00:00:00
db:	BID	id:	10706	date:	2004-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2004-000276	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	33782	date:	2004-07-14T14:51:00
db:	CNNVD	id:	CNNVD-200408-067	date:	2004-07-13T00:00:00
db:	NVD	id:	CVE-2004-0205	date:	2004-08-06T04:00:00