Vulnerability Details : CVE-2004-0445
The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself.
Vulnerability category: Denial of service
Products affected by CVE-2004-0445
- cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*
- cpe:2.3:a:symantec:norton_personal_firewall:2002:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_personal_firewall:2003:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antispam:2004:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_firewall:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_firewall:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0445
90.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0445
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.6
|
LOW | AV:N/AC:H/Au:N/C:N/I:N/A:P |
4.9
|
2.9
|
NIST |
References for CVE-2004-0445
-
http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html
Patch;Vendor Advisory
-
http://securitytracker.com/id?1010145
-
http://securitytracker.com/id?1010144
-
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021359.html
-
http://www.ciac.org/ciac/bulletins/o-141.shtml
-
http://securitytracker.com/id?1010146
-
http://www.securityfocus.com/bid/10336
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16132
-
http://www.kb.cert.org/vuls/id/682110
Patch;Third Party Advisory;US Government Resource
Jump to