CVE-2004-0574

Name of the Vulnerable Software and Affected Versions Microsoft Windows NT Server version 4.0 Microsoft Windows 2000 Server (affected versions not specified) Microsoft Windows Server 2003 (affected versions not specified) Microsoft Exchange 2000 Server (affected versions not specified) Microsoft Exchange Server 2003 (affected versions not specified)

Description The issue is related to the Network News Transfer Protocol (NNTP) component, which allows remote attackers to execute arbitrary code via XPAT patterns. This is possibly due to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

Recommendations For Microsoft Windows NT Server version 4.0, update to a version that includes the fix for this issue. For Microsoft Windows 2000 Server, apply the recommended configuration changes to mitigate the risk. For Microsoft Windows Server 2003, restrict access to the NNTP component until a patch is available. For Microsoft Exchange 2000 Server, consider disabling the NNTP component as a temporary workaround. For Microsoft Exchange Server 2003, avoid using XPAT patterns in the NNTP component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.