CVE-2004-0567
Description
The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The AI Insight narrative is available to signed-in members. Sign in or create a free account to read it.
Affected products
7cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
- Range: Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, Windows Server 2003
Patches
Discovered fix commits and diffs is available to signed-in members. Sign in or create a free account to read it.
Vulnerability mechanics
Root cause
"Unchecked buffer in WINS computer name validation allows a specially-crafted packet to overflow the allocated buffer."
Attack vector
An anonymous remote attacker sends a specially-crafted network packet to TCP or UDP port 42 on a WINS server [ref_id=1]. The WINS service fails to properly validate the computer name value in the packet before copying it into a fixed-size buffer, causing an unchecked buffer overflow [ref_id=1]. On Windows NT 4.0 Server, Windows 2000 Server, and Windows Server 2003, this can allow arbitrary code execution; on Windows Server 2003, the built-in stack-based buffer overrun detection typically causes the service to crash instead, resulting in a denial of service [ref_id=1]. Firewall best practices that block port 42 at the network perimeter mitigate the attack vector [ref_id=1].
Affected code
The advisory does not specify the exact function or file path. The vulnerability resides in the WINS service component that parses incoming name registration and resolution packets on TCP/UDP port 42 [ref_id=1].
What the fix does
The security update changes the method that WINS uses to validate the computer name value before passing it to the allocated buffer [ref_id=1]. By adding proper bounds checking on the name field, the update prevents the unchecked buffer condition that an attacker could trigger with a malicious packet [ref_id=1]. No patch diff is included in the bundle; the advisory states only that the validation logic was corrected.
Preconditions
- networkAttacker must be able to send a specially-crafted network packet to TCP or UDP port 42 on a WINS server.
- configThe target system must be running the WINS service. WINS is not installed by default on most Windows Server editions, but is installed by default on Microsoft Small Business Server 2000 and 2003.
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- www.ciac.org/ciac/bulletins/p-054.shtmlnvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/378160nvdPatchThird Party AdvisoryUS Government Resource
- secunia.com/advisories/13466nvd
- securitytracker.com/idnvd
- www.osvdb.org/12370nvd
- www.securityfocus.com/bid/11922nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/18259nvd
News mentions
0No linked articles in our index yet.