Unrated severityNVD Advisory· Published Nov 3, 2004· Updated Apr 16, 2026

CVE-2004-0574

Description

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

Affected products

Microsoft/Exchange Server2 versions
cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2003:-:*:*:*:*:*:*
Microsoft/Windows 2000
cpe:2.3:o:microsoft:windows_2000:-:-:*:*:*:*:*:*
Microsoft/Windows Nt
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:server:*:*:*
Microsoft/Windows Server 2003
cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/203126nvdPatchThird Party AdvisoryUS Government Resource
docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036nvdPatchVendor Advisory
marc.infonvdMailing ListThird Party Advisory
www.coresecurity.com/common/showdoc.phpnvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/17641nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/17661nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4392nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5070nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5926nvdThird Party Advisory
www.ciac.org/ciac/bulletins/p-012.shtmlnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.068
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000