NVD Vulnerability Detail

CVE-2004-0362

Summary	Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
Publication Date	April 15, 2004, 1 p.m.
Registration Date	Jan. 29, 2021, 6 p.m.
Last Update	July 11, 2017, 10:30 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:iss:blackice_agent_server:3.6ebz:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6eca:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6ecb:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6ecc:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6ecd:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6ece:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6ecf:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6cbz:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6cca:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6ccb:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6ccc:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6ccd:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6cce:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6ccf:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6cbz:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6cca:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6ccb:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6ccc:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6ccd:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6cce:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6ccf:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6ebz:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6eca:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6ecb:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6ecd:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6ece:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6ecf:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0eba:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebf:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebg:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebh:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebj:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebk:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebl:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ebz:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6eca:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ecb:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ecc:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ecd:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ece:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ecf:::::::*
cpe:2.3:a:iss:realsecure_network_sensor:7.0:::::::*
cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_20.11::::::
cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.10::::::
cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.4::::::
cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.9::::::
cpe:2.3:a:iss:realsecure_sentry:3.6ebz:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6eca:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6ecb:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6ecc:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6ecd:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6ece:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6ecf:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.0::windows:::::
cpe:2.3:a:iss:realsecure_server_sensor:6.0.1::windows:::::
cpe:2.3:a:iss:realsecure_server_sensor:6.0.1_win_sr1.1:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5::windows:::::
cpe:2.3:a:iss:realsecure_server_sensor:6.5:sr3.2:windows:::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5:sr3.3:windows:::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.1:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.4:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.5:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.6:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.7:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.8:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.9:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.10:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.1::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.10::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.11::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.2::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.3::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.4::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.5::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.6::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.7::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.8::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.9::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:h:iss:proventia_a_series_xpu:20.11:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.1:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.2:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.3:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.4:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.5:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.6:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.7:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.8:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.9:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.10:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.1:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.2:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.3:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.4:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.5:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.6:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.7:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.8:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.9:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.10:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.11:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.1:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.2:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.3:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.4:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.5:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.6:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.7:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.8:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.9:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://marc.info/?l=bugtraq&m=107965651712378&w=2	BUGTRAQ
2	http://secunia.com/advisories/11073	SECUNIA
3	http://www.ciac.org/ciac/bulletins/o-104.shtml	CIAC
4	http://www.eeye.com/html/Research/Advisories/AD20040318.html	EEYE
5	http://www.kb.cert.org/vuls/id/947254	CERT-VN	Patch Third Party Advisory US Government Resource
6	http://www.osvdb.org/4355	OSVDB
7	http://www.securityfocus.com/bid/9913	BID	Exploit Patch Vendor Advisory
8	http://xforce.iss.net/xforce/alerts/id/166	ISS	Patch Vendor Advisory
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/15442	XF
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/15543	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:iss:blackice_agent_server:3.6ebz:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6eca:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6ecb:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6ecc:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6ecd:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6ece:::::::*
cpe:2.3:a:iss:blackice_agent_server:3.6ecf:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6cbz:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6cca:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6ccb:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6ccc:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6ccd:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6cce:::::::*
cpe:2.3:a:iss:blackice_pc_protection:3.6ccf:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6cbz:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6cca:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6ccb:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6ccc:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6ccd:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6cce:::::::*
cpe:2.3:a:iss:blackice_server_protection:3.6ccf:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6ebz:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6eca:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6ecb:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6ecd:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6ece:::::::*
cpe:2.3:a:iss:realsecure_desktop:3.6ecf:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0eba:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebf:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebg:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebh:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebj:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebk:::::::*
cpe:2.3:a:iss:realsecure_desktop:7.0ebl:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ebz:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6eca:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ecb:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ecc:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ecd:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ece:::::::*
cpe:2.3:a:iss:realsecure_guard:3.6ecf:::::::*
cpe:2.3:a:iss:realsecure_network_sensor:7.0:::::::*
cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_20.11::::::
cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.10::::::
cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.4::::::
cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.9::::::
cpe:2.3:a:iss:realsecure_sentry:3.6ebz:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6eca:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6ecb:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6ecc:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6ecd:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6ece:::::::*
cpe:2.3:a:iss:realsecure_sentry:3.6ecf:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.0::windows:::::
cpe:2.3:a:iss:realsecure_server_sensor:6.0.1::windows:::::
cpe:2.3:a:iss:realsecure_server_sensor:6.0.1_win_sr1.1:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5::windows:::::
cpe:2.3:a:iss:realsecure_server_sensor:6.5:sr3.2:windows:::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5:sr3.3:windows:::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.1:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.4:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.5:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.6:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.7:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.8:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.9:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.10:::::::*
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.1::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.10::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.11::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.2::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.3::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.4::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.5::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.6::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.7::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.8::::::
cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.9::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:h:iss:proventia_a_series_xpu:20.11:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.1:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.2:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.3:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.4:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.5:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.6:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.7:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.8:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.9:::::::*
cpe:2.3:h:iss:proventia_a_series_xpu:22.10:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.1:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.2:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.3:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.4:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.5:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.6:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.7:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.8:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.9:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.10:::::::*
cpe:2.3:h:iss:proventia_g_series_xpu:22.11:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.1:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.2:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.3:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.4:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.5:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.6:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.7:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.8:::::::*
cpe:2.3:h:iss:proventia_m_series_xpu:1.9:::::::*