CVE-2004-0567

Name of the Vulnerable Software and Affected Versions Windows NT Server version 4.0 SP 6a Windows NT Terminal Server version 4.0 SP 6 Windows 2000 Server versions SP3 and SP4 Windows Server 2003 (affected versions not specified)

Description The issue arises from improper validation of the computer name value in a WINS packet by the Windows Internet Naming Service (WINS), allowing remote attackers to execute arbitrary code or cause a denial of service, resulting in a server crash. This is due to an "unchecked buffer" that may trigger a buffer overflow.

Recommendations For Windows NT Server version 4.0 SP 6a, update to a version that includes the fix for the Name Validation issue. For Windows NT Terminal Server version 4.0 SP 6, update to a version that includes the fix for the Name Validation issue. For Windows 2000 Server versions SP3 and SP4, update to a version that includes the fix for the Name Validation issue. For Windows Server 2003, at the moment, there is no information about a newer version that contains a fix for this vulnerability.