CVE-2004-0201 : Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Mic

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.

Published 2004-08-06 04:00:00

Updated 2019-04-30 14:27:14

Source MITRE

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2004-0201

Microsoft » Windows Nt » Version: 4.0 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP2 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP1 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP2 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP3 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP4 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP6 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP6 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP2 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP2 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP3 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP3 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP6 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update Sp6a Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update Sp6a Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update Sp6a Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP1 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP1 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP4 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP5 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP5 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP5 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP1 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP3 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP4 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP4 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP5 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP6 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
Matching versions
Microsoft » Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP2
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP1
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP3
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP4
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows 98 » Update Gold
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows 98se
cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » 64-bit Edition
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP1 Home Edition
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Home Edition
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update Gold Professional Edition
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP1 64-bit Edition
cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows Me
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: WEB
cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Enterprise 64-bit
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Enterprise 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2 Datacenter 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Standard 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
Matching versions
Avaya » Modular Messaging Message Storage Server » Version: S3400
cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
Matching versions
Avaya » Ip600 Media Servers
cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
Matching versions
Avaya » Definity One Media Server
cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
Matching versions
Avaya » S8100
cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0201

EPSS FAQ

3.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0201

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2004-0201

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1503
http://www.us-cert.gov/cas/techalerts/TA04-196A.html

Page Not Found | CISA
Patch;Third Party Advisory;US Government Resource

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3179
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2155
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023919.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1530
https://exchange.xforce.ibmcloud.com/vulnerabilities/16586
http://www.kb.cert.org/vuls/id/920060

Patch;Third Party Advisory;US Government Resource

Jump to

Vulnerability Details : CVE-2004-0201

Products affected by CVE-2004-0201

Exploit prediction scoring system (EPSS) score for CVE-2004-0201

CVSS scores for CVE-2004-0201

References for CVE-2004-0201