Vulnerability Details : CVE-2004-0362
Public exploit exists!
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
Vulnerability category: Execute code
Products affected by CVE-2004-0362
- cpe:2.3:a:iss:realsecure_network_sensor:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_20.11:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.10:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.4:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.9:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.0.1_win_sr1.1:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.0:*:windows:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.6:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.7:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.3:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.4:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5:*:windows:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5:sr3.2:windows:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.8:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.9:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.5:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.6:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5:sr3.3:windows:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.1:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.10:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.1:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.10:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.7:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.8:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.0.1:*:windows:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.4:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.5:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.11:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.2:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.9:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_server_protection:3.6cbz:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_server_protection:3.6cca:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_server_protection:3.6ccb:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_server_protection:3.6ccc:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_server_protection:3.6ccd:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_server_protection:3.6cce:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_server_protection:3.6ccf:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_agent_server:3.6eca:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_agent_server:3.6ecd:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_agent_server:3.6ece:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_agent_server:3.6ecf:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_agent_server:3.6ebz:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_agent_server:3.6ecb:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_agent_server:3.6ecc:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_pc_protection:3.6ccf:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_pc_protection:3.6cbz:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_pc_protection:3.6cca:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_pc_protection:3.6ccb:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_pc_protection:3.6ccc:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_pc_protection:3.6ccd:*:*:*:*:*:*:*
- cpe:2.3:a:iss:blackice_pc_protection:3.6cce:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:3.6eca:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:3.6ecf:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:7.0ebg:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:3.6ebz:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:7.0ebh:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:3.6ecb:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:3.6ecd:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:7.0ebj:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:7.0ebk:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:3.6ece:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:7.0ebl:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:7.0eba:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_desktop:7.0ebf:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_guard:3.6ecb:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_guard:3.6ecd:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_guard:3.6ece:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_guard:3.6ecf:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_guard:3.6ebz:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_guard:3.6eca:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_guard:3.6ecc:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_sentry:3.6ecf:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_sentry:3.6ebz:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_sentry:3.6eca:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_sentry:3.6ecb:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_sentry:3.6ecc:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_sentry:3.6ecd:*:*:*:*:*:*:*
- cpe:2.3:a:iss:realsecure_sentry:3.6ece:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:20.11:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.1:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.8:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.9:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.10:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.2:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.3:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.4:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.5:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.6:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.7:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.3:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.5:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.6:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.1:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.10:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.7:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.8:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.11:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.2:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.9:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.4:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.4:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.5:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.6:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.7:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.8:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.1:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.9:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.2:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0362
96.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2004-0362
-
ISS PAM.dll ICQ Parser Buffer Overflow
Disclosure Date: 2004-03-18First seen: 2020-04-26exploit/windows/firewall/blackice_pam_icqThis module exploits a stack buffer overflow in the ISS products that use the iss-pam1.dll ICQ parser (Blackice/RealSecure). Successful exploitation will result in arbitrary code execution as LocalSystem. This exploit only requires 1 UDP packet, which can be both s
CVSS scores for CVE-2004-0362
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-0362
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15543
-
http://www.eeye.com/html/Research/Advisories/AD20040318.html
BeyondTrust | Privileged Access Management, Cyber Security, and Remote Access (formerly Bomgar) | BeyondTrust
-
http://www.securityfocus.com/bid/9913
Exploit;Patch;Vendor Advisory
-
http://www.kb.cert.org/vuls/id/947254
Patch;Third Party Advisory;US Government Resource
-
http://xforce.iss.net/xforce/alerts/id/166
Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15442
-
http://www.ciac.org/ciac/bulletins/o-104.shtml
-
http://marc.info/?l=bugtraq&m=107965651712378&w=2
Jump to