Cyber Resilience

CVE-2004-0210

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 06 August 2004

Modified: 16 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0679 (91.5th percentile)
Risk Priority: 40 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2004-0210 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Microsoft Windows 2000. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 8.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

The vulnerability is a buffer overflow, identified as CWE-120, in the POSIX component of Microsoft Windows NT and Windows 2000. It is triggered by certain parameters, possibly involving modification of message length values, and carries a CVSS 3.1 score of 7.8 with a local attack vector.

Local users with access to an affected system can exploit the flaw to execute arbitrary code, resulting in full impacts to confidentiality, integrity, and availability. The issue was published in August 2004.

Advisories and patches referenced in sources such as the Microsoft security bulletin MS04-020, US-CERT TA04-196A, and CERT VU 647436 address the vulnerability through updates for the impacted Windows platforms.

Vulnerability details

The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.

CWE(s)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · interix · 2.2
microsoft · windows 2000 · all versions
microsoft · windows nt · 4.0

Mitigating Controls (NIST 800-53 r5)

Prevent: Memory Protection directly blocks exploitation of the buffer overflow in the POSIX component by enforcing bounds checking and address-space protections.

Prevent: Information Input Validation would reject malformed parameters and message-length values that trigger the CWE-120 overflow.

Prevent: Flaw Remediation requires timely application of the vendor patches (MS04-020) that eliminate the vulnerable POSIX code path.
