Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
Threat-Mapped Scoring
Score: 1.9
Priority: P3 - Important (Medium)
S9 – Sabotage of System/App
S10 – Denial of Service (+0.1 bonus)
EPSS
Score: 0.46218Percentile:
0.97518
CVSS Scoring
CVSS v2 Score: 7.5
Severity:
Affected Products
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server_alpha:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me