CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2004-0362

Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
Publish Date : 2004-04-15 Last Update Date : 2008-09-05
Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

CVSS Score
7.5
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access User
Vulnerability Type(s) Execute CodeOverflow
CWE ID CWE id is not defined for this vulnerability

- Products Affected By CVE-2004-0362

# Product Type Vendor Product Version Update Edition Language
1 Application ISS Blackice Agent Server 3.6eca Version Details Vulnerabilities
2 Application ISS Blackice Agent Server 3.6ecc Version Details Vulnerabilities
3 Application ISS Blackice Agent Server 3.6ecb Version Details Vulnerabilities
4 Application ISS Blackice Agent Server 3.6ebz Version Details Vulnerabilities
5 Application ISS Blackice Agent Server 3.6ecf Version Details Vulnerabilities
6 Application ISS Blackice Agent Server 3.6ece Version Details Vulnerabilities
7 Application ISS Blackice Agent Server 3.6ecd Version Details Vulnerabilities
8 Application ISS Blackice Pc Protection 3.6ccb Version Details Vulnerabilities
9 Application ISS Blackice Pc Protection 3.6cca Version Details Vulnerabilities
10 Application ISS Blackice Pc Protection 3.6ccf Version Details Vulnerabilities
11 Application ISS Blackice Pc Protection 3.6cbz Version Details Vulnerabilities
12 Application ISS Blackice Pc Protection 3.6cce Version Details Vulnerabilities
13 Application ISS Blackice Pc Protection 3.6ccd Version Details Vulnerabilities
14 Application ISS Blackice Pc Protection 3.6ccc Version Details Vulnerabilities
15 Application ISS Blackice Server Protection 3.6cca Version Details Vulnerabilities
16 Application ISS Blackice Server Protection 3.6ccf Version Details Vulnerabilities
17 Application ISS Blackice Server Protection 3.6cce Version Details Vulnerabilities
18 Application ISS Blackice Server Protection 3.6ccd Version Details Vulnerabilities
19 Application ISS Blackice Server Protection 3.6ccc Version Details Vulnerabilities
20 Application ISS Blackice Server Protection 3.6cbz Version Details Vulnerabilities
21 Application ISS Blackice Server Protection 3.6ccb Version Details Vulnerabilities
22 Hardware ISS Proventia A Series Xpu 20.11 Version Details Vulnerabilities
23 Hardware ISS Proventia A Series Xpu 22.1 Version Details Vulnerabilities
24 Hardware ISS Proventia A Series Xpu 22.2 Version Details Vulnerabilities
25 Hardware ISS Proventia A Series Xpu 22.3 Version Details Vulnerabilities
26 Hardware ISS Proventia A Series Xpu 22.4 Version Details Vulnerabilities
27 Hardware ISS Proventia A Series Xpu 22.5 Version Details Vulnerabilities
28 Hardware ISS Proventia A Series Xpu 22.6 Version Details Vulnerabilities
29 Hardware ISS Proventia A Series Xpu 22.7 Version Details Vulnerabilities
30 Hardware ISS Proventia A Series Xpu 22.8 Version Details Vulnerabilities
31 Hardware ISS Proventia A Series Xpu 22.9 Version Details Vulnerabilities
32 Hardware ISS Proventia A Series Xpu 22.10 Version Details Vulnerabilities
33 Hardware ISS Proventia G Series Xpu 22.1 Version Details Vulnerabilities
34 Hardware ISS Proventia G Series Xpu 22.2 Version Details Vulnerabilities
35 Hardware ISS Proventia G Series Xpu 22.3 Version Details Vulnerabilities
36 Hardware ISS Proventia G Series Xpu 22.4 Version Details Vulnerabilities
37 Hardware ISS Proventia G Series Xpu 22.5 Version Details Vulnerabilities
38 Hardware ISS Proventia G Series Xpu 22.6 Version Details Vulnerabilities
39 Hardware ISS Proventia G Series Xpu 22.7 Version Details Vulnerabilities
40 Hardware ISS Proventia G Series Xpu 22.8 Version Details Vulnerabilities
41 Hardware ISS Proventia G Series Xpu 22.9 Version Details Vulnerabilities
42 Hardware ISS Proventia G Series Xpu 22.10 Version Details Vulnerabilities
43 Hardware ISS Proventia G Series Xpu 22.11 Version Details Vulnerabilities
44 Hardware ISS Proventia M Series Xpu 1.1 Version Details Vulnerabilities
45 Hardware ISS Proventia M Series Xpu 1.2 Version Details Vulnerabilities
46 Hardware ISS Proventia M Series Xpu 1.3 Version Details Vulnerabilities
47 Hardware ISS Proventia M Series Xpu 1.4 Version Details Vulnerabilities
48 Hardware ISS Proventia M Series Xpu 1.5 Version Details Vulnerabilities
49 Hardware ISS Proventia M Series Xpu 1.6 Version Details Vulnerabilities
50 Hardware ISS Proventia M Series Xpu 1.7 Version Details Vulnerabilities
51 Hardware ISS Proventia M Series Xpu 1.8 Version Details Vulnerabilities
52 Hardware ISS Proventia M Series Xpu 1.9 Version Details Vulnerabilities
53 Application ISS Realsecure Desktop 3.6ecb Version Details Vulnerabilities
54 Application ISS Realsecure Desktop 3.6ecf Version Details Vulnerabilities
55 Application ISS Realsecure Desktop 3.6eca Version Details Vulnerabilities
56 Application ISS Realsecure Desktop 3.6ece Version Details Vulnerabilities
57 Application ISS Realsecure Desktop 3.6ecd Version Details Vulnerabilities
58 Application ISS Realsecure Desktop 3.6ebz Version Details Vulnerabilities
59 Application ISS Realsecure Desktop 7.0ebh Version Details Vulnerabilities
60 Application ISS Realsecure Desktop 7.0ebg Version Details Vulnerabilities
61 Application ISS Realsecure Desktop 7.0ebf Version Details Vulnerabilities
62 Application ISS Realsecure Desktop 7.0eba Version Details Vulnerabilities
63 Application ISS Realsecure Desktop 7.0ebl Version Details Vulnerabilities
64 Application ISS Realsecure Desktop 7.0ebk Version Details Vulnerabilities
65 Application ISS Realsecure Desktop 7.0ebj Version Details Vulnerabilities
66 Application ISS Realsecure Guard 3.6ecc Version Details Vulnerabilities
67 Application ISS Realsecure Guard 3.6ecb Version Details Vulnerabilities
68 Application ISS Realsecure Guard 3.6eca Version Details Vulnerabilities
69 Application ISS Realsecure Guard 3.6ebz Version Details Vulnerabilities
70 Application ISS Realsecure Guard 3.6ecf Version Details Vulnerabilities
71 Application ISS Realsecure Guard 3.6ece Version Details Vulnerabilities
72 Application ISS Realsecure Guard 3.6ecd Version Details Vulnerabilities
73 Application ISS Realsecure Network Sensor 7.0 Xpu 20.11 Version Details Vulnerabilities
74 Application ISS Realsecure Network Sensor 7.0 Version Details Vulnerabilities
75 Application ISS Realsecure Network Sensor 7.0 Xpu 22.9 Version Details Vulnerabilities
76 Application ISS Realsecure Network Sensor 7.0 Xpu 22.4 Version Details Vulnerabilities
77 Application ISS Realsecure Network Sensor 7.0 Xpu 22.10 Version Details Vulnerabilities
78 Application ISS Realsecure Sentry 3.6eca Version Details Vulnerabilities
79 Application ISS Realsecure Sentry 3.6ebz Version Details Vulnerabilities
80 Application ISS Realsecure Sentry 3.6ece Version Details Vulnerabilities
81 Application ISS Realsecure Sentry 3.6ecd Version Details Vulnerabilities
82 Application ISS Realsecure Sentry 3.6ecc Version Details Vulnerabilities
83 Application ISS Realsecure Sentry 3.6ecf Version Details Vulnerabilities
84 Application ISS Realsecure Sentry 3.6ecb Version Details Vulnerabilities
85 Application ISS Realsecure Server Sensor 6.0 Windows Version Details Vulnerabilities
86 Application ISS Realsecure Server Sensor 6.0.1 Windows Version Details Vulnerabilities
87 Application ISS Realsecure Server Sensor 6.0.1 Win Sr1.1 Version Details Vulnerabilities
88 Application ISS Realsecure Server Sensor 6.5 Sr3.3 Windows Version Details Vulnerabilities
89 Application ISS Realsecure Server Sensor 6.5 Sr3.2 Windows Version Details Vulnerabilities
90 Application ISS Realsecure Server Sensor 6.5 Windows Version Details Vulnerabilities
91 Application ISS Realsecure Server Sensor 6.5 Win Sr3.1 Version Details Vulnerabilities
92 Application ISS Realsecure Server Sensor 6.5 Win Sr3.4 Version Details Vulnerabilities
93 Application ISS Realsecure Server Sensor 6.5 Win Sr3.5 Version Details Vulnerabilities
94 Application ISS Realsecure Server Sensor 6.5 Win Sr3.6 Version Details Vulnerabilities
95 Application ISS Realsecure Server Sensor 6.5 Win Sr3.7 Version Details Vulnerabilities
96 Application ISS Realsecure Server Sensor 6.5 Win Sr3.8 Version Details Vulnerabilities
97 Application ISS Realsecure Server Sensor 6.5 Win Sr3.9 Version Details Vulnerabilities
98 Application ISS Realsecure Server Sensor 6.5 Win Sr3.10 Version Details Vulnerabilities
99 Application ISS Realsecure Server Sensor 7.0 Xpu22.3 Version Details Vulnerabilities
100 Application ISS Realsecure Server Sensor 7.0 Xpu22.8 Version Details Vulnerabilities
101 Application ISS Realsecure Server Sensor 7.0 Xpu22.2 Version Details Vulnerabilities
102 Application ISS Realsecure Server Sensor 7.0 Xpu22.7 Version Details Vulnerabilities
103 Application ISS Realsecure Server Sensor 7.0 Xpu22.11 Version Details Vulnerabilities
104 Application ISS Realsecure Server Sensor 7.0 Xpu22.6 Version Details Vulnerabilities
105 Application ISS Realsecure Server Sensor 7.0 Xpu22.10 Version Details Vulnerabilities
106 Application ISS Realsecure Server Sensor 7.0 Xpu22.5 Version Details Vulnerabilities
107 Application ISS Realsecure Server Sensor 7.0 Xpu22.1 Version Details Vulnerabilities
108 Application ISS Realsecure Server Sensor 7.0 Xpu22.4 Version Details Vulnerabilities
109 Application ISS Realsecure Server Sensor 7.0 Xpu22.9 Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
ISS Blackice Agent Server 7
ISS Blackice Pc Protection 7
ISS Blackice Server Protection 7
ISS Proventia A Series Xpu 11
ISS Proventia G Series Xpu 11
ISS Proventia M Series Xpu 9
ISS Realsecure Desktop 13
ISS Realsecure Guard 7
ISS Realsecure Network Sensor 5
ISS Realsecure Sentry 7
ISS Realsecure Server Sensor 25

- References For CVE-2004-0362

http://www.ciac.org/ciac/bulletins/o-104.shtml
CIAC O-104
http://www.eeye.com/html/Research/Advisories/AD20040318.html
EEYE AD20040318
http://www.osvdb.org/4355
OSVDB 4355
http://xforce.iss.net/xforce/xfdb/15442
XF pam-icq-parsing-bo(15442)
http://xforce.iss.net/xforce/xfdb/15543
XF witty-worm-propagation(15543)
http://marc.theaimsgroup.com/?l=bugtraq&m=107965651712378&w=2
BUGTRAQ 20040318 EEYE: Internet Security Systems PAM ICQ Server Response Processing Vulnerability
http://www.securityfocus.com/bid/9913
BID 9913 Internet Security Systems Protocol Analysis Module ICQ Parsing Buffer Overflow Vulnerability Release Date:2004-03-18
http://xforce.iss.net/xforce/alerts/id/166
ISS 20040318 Vulnerability in ICQ Parsing in ISS Products
http://www.kb.cert.org/vuls/id/947254
CERT-VN VU#947254
http://secunia.com/advisories/11073
SECUNIA 11073

- Metasploit Modules Related To CVE-2004-0362

ISS PAM.dll ICQ Parser Buffer Overflow
This module exploits a stack buffer overflow in the ISS products that use the iss-pam1.dll ICQ parser (Blackice/RealSecure). Successful exploitation will result in arbitrary code execution as LocalSystem. This exploit only requires 1 UDP packet, which can be both spoofed and sent to a broadcast address. The ISS exception handler will recover the process after each overflow, giving us the ability to bruteforce the service and exploit it multiple times.
Module type : exploit Rank : great Platforms : Windows


CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.