Executive Summary

Informations
Name CVE-2004-0207 First vendor Publication 2004-11-03
Vendor Cve Last vendor Modification 2018-10-12

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0207

CWE : Common Weakness Enumeration

% Id Name

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1
Os 1
Os 1
Os 1

ExploitDB Exploits

id Description
2004-10-20 MS Windows Metafile (.emf) Heap Overflow Exploit (MS04-032)

Open Source Vulnerability Database (OSVDB)

Id Description
10690 Microsoft Windows Management APIs Local Privilege Escalation

Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses a flaw in Windows Management APIs which allows programs to modify other programs which run at a higher permission level. This flaw may lead to a loss of integrity.

Snort® IPS/IDS

Date Description
2016-03-14 Microsoft emf file download request
RuleID : 33740-community - Revision : 2 - Type : FILE-IMAGE
2015-04-10 Microsoft emf file download request
RuleID : 33740 - Revision : 2 - Type : FILE-IMAGE
2014-01-10 Microsoft emf file download request
RuleID : 2435-community - Revision : 33 - Type : FILE-IDENTIFY
2014-01-10 Microsoft emf file download request
RuleID : 2435 - Revision : 33 - Type : FILE-IDENTIFY

Nessus® Vulnerability Scanner

Date Description
2004-10-12 Name : Arbitrary code can be executed on the remote host.
File : smb_nt_ms04-032.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ http://marc.info/?l=bugtraq&m=109777417922695&w=2
CERT-VN http://www.kb.cert.org/vuls/id/218526
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04...
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/16579
https://exchange.xforce.ibmcloud.com/vulnerabilities/17658

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2020-05-23 00:15:44
  • Multiple Updates
2018-10-13 00:22:28
  • Multiple Updates
2017-07-11 12:01:24
  • Multiple Updates
2016-10-18 12:01:18
  • Multiple Updates
2014-02-17 10:27:18
  • Multiple Updates
2013-05-11 11:40:25
  • Multiple Updates