VDB
CVE-2004-0119
CVE-2004-0119
PUBLISHED
CVSS 7.5 HIGH
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
EPSS 24.86% · 96.3th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
24.86%
96.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| microsoft | windows_server_2003 | |
| microsoft | windows_xp | |
| microsoft | windows_2000 |
Timeline
- Apr 16, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
- Feb 13, 2024 EPSS Score
References
- O-114 third-party-advisory
- VU#638548 third-party-advisory
- 10113 vdb
- win-spp-bo(15715) vdb
- MS04-011 vendor-advisory
- 20040414 NSFOCUS SA2004-01 : DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding mailing-list
- oval:org.mitre.oval:def:1808 vdb
- TA04-104A third-party-advisory
- oval:org.mitre.oval:def:1962 vdb
- oval:org.mitre.oval:def:1997 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2004-0119 advisory