oval:org.mitre.oval:def:5926

Definition Id: oval:org.mitre.oval:def:5926

Oval ID:	oval:org.mitre.oval:def:5926
Title:	Windows 2000 NNTP Component Buffer Overflow
Description:	The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0574	Version:	7
Platform(s):	Microsoft Windows 2000	Product(s):	Network News Transport Protocol (NNTP)
Definition Synopsis:
Software section Windows 2000 Server is installed Windows 2000 is installed AND Windows NT server product option this is an NT Server (stand-alone) AND this is an NT Server (domain controller) AND Win2K/XP/2003 service pack 3 (or later) is installed AND the version of nntpsvc.dll is less than 5.0.2195.6972 AND NOT Patch Windows2000-KB883935-x86-ENU.exe Installed AND Configuration section the NNTP service is enabled