Executive Summary

Informations
NameCVE-2004-0568First vendor Publication2005-01-10
VendorCveLast vendor Modification2019-04-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0568

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-47Buffer Overflow via Parameter Expansion

CWE : Common Weakness Enumeration

%idName

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:4741
 
Oval ID: oval:org.mitre.oval:def:4741
Title: HyperTerminal Session File Vulnerability (Windows 2000)
Description: HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0568
Version: 8
Platform(s): Microsoft Windows 2000
Product(s): HyperTerminal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:4508
 
Oval ID: oval:org.mitre.oval:def:4508
Title: HyperTerminal Session File Vulnerability (Terminal Server)
Description: HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0568
Version: 6
Platform(s): Microsoft Windows NT
Product(s): HyperTerminal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:3973
 
Oval ID: oval:org.mitre.oval:def:3973
Title: HyperTerminal Session File Vulnerability (NT 4.0)
Description: HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0568
Version: 7
Platform(s): Microsoft Windows NT
Product(s): HyperTerminal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:3138
 
Oval ID: oval:org.mitre.oval:def:3138
Title: HyperTerminal Session File Vulnerability (Server 2003)
Description: HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0568
Version: 5
Platform(s): Microsoft Windows Server 2003
Product(s): HyperTerminal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:2545
 
Oval ID: oval:org.mitre.oval:def:2545
Title: HyperTerminal Session File Vulnerability (Windows XP,SP2)
Description: HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0568
Version: 10
Platform(s): Microsoft Windows XP
Product(s): HyperTerminal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1603
 
Oval ID: oval:org.mitre.oval:def:1603
Title: HyperTerminal Session File Vulnerability (Windows XP,SP1)
Description: HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2004-0568
Version: 10
Platform(s): Microsoft Windows XP
Product(s): HyperTerminal
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os5
Os12
Os48
Os9

Open Source Vulnerability Database (OSVDB)

idDescription
12374Microsoft Windows HyperTerminal Session File Remote Overflow

Nessus® Vulnerability Scanner

DateDescription
2004-12-14Name : Arbitrary code can be executed on the remote host through HyperTerminal.
File : smb_nt_ms04-043.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BUGTRAQ http://marc.info/?l=bugtraq&m=110312618614849&w=2
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04...
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/18336

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
DateInformations
2019-05-09 12:01:23
  • Multiple Updates
2019-04-30 21:19:18
  • Multiple Updates
2018-10-13 00:22:29
  • Multiple Updates
2017-10-11 09:23:22
  • Multiple Updates
2017-07-11 12:01:27
  • Multiple Updates
2016-10-18 12:01:21
  • Multiple Updates
2016-04-26 12:51:04
  • Multiple Updates
2014-02-17 10:27:41
  • Multiple Updates
2013-05-11 11:42:03
  • Multiple Updates