CVE-2004-0123 : Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Window

Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Published 2004-06-01 04:00:00

Updated 2018-10-12 21:34:02

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Products affected by CVE-2004-0123

Microsoft » Windows Nt » Version: 4.0
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 98 » Update Gold
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows 98se
cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update Gold
cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows Me
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0123

EPSS FAQ

48.57%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0123

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2004-0123

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2004-0123

http://www.us-cert.gov/cas/techalerts/TA04-104A.html

Page Not Found | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A924
http://www.ciac.org/ciac/bulletins/o-114.shtml

CVEs referencing this url
http://www.kb.cert.org/vuls/id/255924

Patch;Third Party Advisory;US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1076
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011

Microsoft Security Bulletin MS04-011 - Critical | Microsoft Learn

CVEs referencing this url
http://www.securityfocus.com/bid/10118
https://exchange.xforce.ibmcloud.com/vulnerabilities/15713

Jump to

Vulnerability Details : CVE-2004-0123

Products affected by CVE-2004-0123

Exploit prediction scoring system (EPSS) score for CVE-2004-0123

CVSS scores for CVE-2004-0123

CWE ids for CVE-2004-0123

References for CVE-2004-0123