CVE-2004-0210
Published: 06 August 2004
Summary
CVE-2004-0210 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Microsoft Windows 2000. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 8.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
The vulnerability is a buffer overflow, identified as CWE-120, in the POSIX component of Microsoft Windows NT and Windows 2000. It is triggered by certain parameters, possibly involving modification of message length values, and carries a CVSS 3.1 score of 7.8 with a local attack vector.
Local users with access to an affected system can exploit the flaw to execute arbitrary code, with full impact on confidentiality, integrity, and availability. The issue was published in August 2004.
The vulnerability is covered by Microsoft security bulletin MS04-020, US-CERT TA04-196A, and CERT VU 647436, and is addressed through updates for the impacted Windows platforms.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2004-0210
Vulnerability details
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
- CWE(s): CWE-120
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Memory Protection directly blocks exploitation of the buffer overflow in the POSIX component by enforcing bounds checking and address-space protections.
Information Input Validation would reject malformed parameters and message-length values that trigger the CWE-120 overflow.
Flaw Remediation requires timely application of the vendor patches (MS04-020) that eliminate the vulnerable POSIX code path.