CVE DATABASE / CVE-2003-0825
CVE-2003-0825
CVSS 9.3 · HIGH
Summary
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
CVSS 2.0 breakdown
| Base score | 9.3 (HIGH) |
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Attack vector | NETWORK |
| Attack complexity | MEDIUM |
| Confidentiality | COMPLETE |
| Integrity | COMPLETE |
| Availability | COMPLETE |
Weakness type (CWE)
Affected products
Microsoft windows 2000Microsoft windows 2003 serverMicrosoft windows nt
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://www.ciac.org/ciac/bulletins/o-077.shtml
- http://www.kb.cert.org/vuls/id/445214
- http://www.osvdb.org/3903
- http://www.securityfocus.com/bid/9624
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-006
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15037
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A704
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A800
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A801
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A802
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.