{"vuid":"VU#353956","idnumber":"353956","name":"Microsoft Windows H.323 implementation fails to handle malformed requests","keywords":["Microsoft","Windows","H.323","unchecked buffers","Q835732","MS04-011"],"overview":"A vulnerabilities in Microsoft Windows' implementation of the multimedia telephony protocol H.323 could lead to the ability to remotely execute arbitrary code on the system.","clean_desc":"Microsoft Windows' implementation of the H.323 protocol contains a buffer overflow in the handling of requests. An attacker may be able to send a crafted request to the vulnerable system and exploit this vulnerability to execute arbitrary code. This vulnerability affects the following systems: Windows XP\nWindows Server 2003\nWindows 2000\nWindows 98, 98 SE, ME \nSystems running a stand-alone version of NetMeeting prior to version 3.01 (4.4.3399)","impact":"An attacker may be able to send a crafted request to the vulnerable system and exploit this vulnerability to execute arbitrary code.","resolution":"Apply a patch from the vendor Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.","workarounds":"","sysaffected":"","thanks":"Thanks to Microsoft for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","4","-","0","1","1",".","m","s","p","x"],"cveids":["CVE-2004-0117"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-04-13T19:47:22Z","publicdate":"2004-04-13T00:00:00Z","datefirstpublished":"2004-04-14T14:27:17Z","dateupdated":"2004-04-14T14:27:33Z","revision":4,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"14","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"14","cam_attackeraccessrequired":"15","cam_scorecurrent":"34.25625","cam_scorecurrentwidelyknown":"40.1625","cam_scorecurrentwidelyknownexploited":"63.7875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":34.25625,"vulnote":null}