CVE-2004-0202
CVSS5.0
发布时间 :2004-08-06 00:00:00
修订时间 :2008-09-10 15:25:29
NMCOPS    

[原文]IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.


[CNNVD]Microsoft DirectX DirectPlay远程畸形包拒绝服务漏洞(MS04-016)(CNNVD-200408-080)

        
        DirectX是Windows操作系统下的多媒体系统链接库。
        Microsoft DirectX DirectPlay由于不正确处理畸形网络数据,远程攻击者可以利用这个漏洞对链接的应用程序进行拒绝服务攻击。
        Microsoft DirectPlay的IDirectPlay4应用编程接口存在拒绝服务问题,此API一般处理基于网络的多人游戏,攻击者利用此问题可导致应用程序崩溃,目前没有详细漏洞细节提供。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:directx:7.0aMicrosoft DirectX 7.0a
cpe:/o:microsoft:windows_meMicrosoft Windows ME
cpe:/o:microsoft:windows_98::goldMicrosoft windows 98_gold
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/a:microsoft:directx:9.0bMicrosoft DirectX 9.0b
cpe:/o:microsoft:windows_2000::sp3:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP3
cpe:/a:microsoft:directx:8.0aMicrosoft DirectX 8.0a
cpe:/o:microsoft:windows_xp::gold:professionalMicrosoft Windows XP Professional Gold
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2000::sp2:professionalMicrosoft Windows 2000 Professional SP2
cpe:/o:microsoft:windows_2000::sp3:serverMicrosoft Windows 2000 Server SP3
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/a:microsoft:directx:8.2Microsoft DirectX 8.2
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_2000::sp4:serverMicrosoft Windows 2000 Server SP4
cpe:/a:microsoft:directx:7.0Microsoft DirectX 7.0
cpe:/o:microsoft:windows_xp::sp1:home
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_98seMicrosoft windows 98_se
cpe:/a:microsoft:directx:8.0Microsoft DirectX 8.0
cpe:/o:microsoft:windows_2000::sp3:professionalMicrosoft Windows 2000 Professional SP3
cpe:/a:microsoft:directx:9.0aMicrosoft DirectX 9.0a
cpe:/o:microsoft:windows_xp:::home
cpe:/a:microsoft:directx:8.1bMicrosoft DirectX 8.1b
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/a:microsoft:directx:8.1Microsoft DirectX 8.1
cpe:/a:microsoft:directx:8.1aMicrosoft DirectX 8.1a
cpe:/o:microsoft:windows_2000::sp2:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP2
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_2000::sp4:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP4
cpe:/o:microsoft:windows_2000::sp2:serverMicrosoft Windows 2000 Server SP2
cpe:/a:microsoft:directx:7.1Microsoft DirectX 7.1
cpe:/o:microsoft:windows_2000::sp4:professionalMicrosoft Windows 2000 Professional SP4

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:2705Windows XP/Server 2003 DirectPlay Denial of Service (Test 2)
oval:org.mitre.oval:def:2516Windows Server 2003 (32-Bit) DirectPlay Denial of Service
oval:org.mitre.oval:def:2413Windows XP (64-Bit) DirectPlay Denial of Service
oval:org.mitre.oval:def:2190Windows XP (32-Bit) DirectPlay Denial of Service
oval:org.mitre.oval:def:1027Windows 2000 DirectPlay Denial of Service
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0202
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0202
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-080
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/10487
(VENDOR_ADVISORY)  BID  10487
http://www.microsoft.com/technet/security/bulletin/ms04-016.asp
(UNKNOWN)  MS  MS04-016
http://xforce.iss.net/xforce/xfdb/16306
(UNKNOWN)  XF  ms-directx-directplay-dos(16306)
http://www.osvdb.org/6742
(UNKNOWN)  OSVDB  6742
http://secunia.com/advisories/11802
(UNKNOWN)  SECUNIA  11802

- 漏洞信息

Microsoft DirectX DirectPlay远程畸形包拒绝服务漏洞(MS04-016)
中危 其他
2004-08-06 00:00:00 2005-10-20 00:00:00
远程  
        
        DirectX是Windows操作系统下的多媒体系统链接库。
        Microsoft DirectX DirectPlay由于不正确处理畸形网络数据,远程攻击者可以利用这个漏洞对链接的应用程序进行拒绝服务攻击。
        Microsoft DirectPlay的IDirectPlay4应用编程接口存在拒绝服务问题,此API一般处理基于网络的多人游戏,攻击者利用此问题可导致应用程序崩溃,目前没有详细漏洞细节提供。
        

- 公告与补丁

        厂商补丁:
        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS04-016)以及相应补丁:
        MS04-016:Vulnerability in DirectPlay Could Allow Denial of Service (839643)
        链接:
        http://www.microsoft.com/technet/security/bulletin/MS04-016.mspx

        补丁下载:
        Microsoft Windows 2000 Professional SP4:
        Microsoft Patch Security Update for DirectX 7.0 (KB839643)
        
        http://download.microsoft.com/download/7/c/2/7c25145d-5c6d-4408-b2c2-56bbab0d8335/Windows2000-KB839643-x86-ENU.EXE

        It should be noted that this fix targets Windows 2000:
        Microsoft Windows 2000 Server SP4:
        Microsoft Patch Security Update for DirectX 7.0 (KB839643)
        
        http://download.microsoft.com/download/7/c/2/7c25145d-5c6d-4408-b2c2-56bbab0d8335/Windows2000-KB839643-x86-ENU.EXE

        It should be noted that this fix targets Windows 2000:
        Microsoft Windows 2000 Professional SP3:
        Microsoft Patch Security Update for DirectX 7.0 (KB839643)
        
        http://download.microsoft.com/download/7/c/2/7c25145d-5c6d-4408-b2c2-56bbab0d8335/Windows2000-KB839643-x86-ENU.EXE

        It should be noted that this fix targets Windows 2000:
        Microsoft Windows 2000 Server SP3:
        Microsoft Patch Security Update for DirectX 7.0 (KB839643)
        
        http://download.microsoft.com/download/7/c/2/7c25145d-5c6d-4408-b2c2-56bbab0d8335/Windows2000-KB839643-x86-ENU.EXE

        It should be noted that this fix targets Windows 2000:
        Microsoft Windows 2000 Professional SP2:
        Microsoft Patch Security Update for DirectX 7.0 (KB839643)
        
        http://download.microsoft.com/download/7/c/2/7c25145d-5c6d-4408-b2c2-56bbab0d8335/Windows2000-KB839643-x86-ENU.EXE

        It should be noted that this fix targets Windows 2000:
        Microsoft Windows 2000 Server SP2:
        Microsoft Patch Security Update for DirectX 7.0 (KB839643)
        
        http://download.microsoft.com/download/7/c/2/7c25145d-5c6d-4408-b2c2-56bbab0d8335/Windows2000-KB839643-x86-ENU.EXE

        It should be noted that this fix targets Windows 2000:
        Microsoft Windows XP Home SP1:
        Microsoft Patch Security Update for Windows XP (KB839643)
        
        http://download.microsoft.com/download/1/e/5/1e5d946b-3ee9-4c6a-b364-0eb45aef8146/WindowsXP-KB839643-x86-ENU.EXE

        Microsoft Windows XP Professional SP1:
        Microsoft Patch Security Update for Windows XP (KB839643)
        
        http://download.microsoft.com/download/1/e/5/1e5d946b-3ee9-4c6a-b364-0eb45aef8146/WindowsXP-KB839643-x86-ENU.EXE

        Microsoft Windows XP 64-bit Edition SP1:
        Microsoft Patch Security Update for Windows XP 64-bit Edition (KB839643)
        
        http://download.microsoft.com/download/9/e/9/9e91475c-102d-4291-bc68-51d3edb654e7/WindowsXP-KB839643-ia64-ENU.EXE

        Microsoft Windows XP 64-bit Edition Version 2003 SP1:
        Microsoft Patch Security Update for Windows Server 2003 64 Bit Ed. and Windows XP 64 Bit Ed. V.2003 (KB839643)
        
        http://download.microsoft.com/download/e/b/3/eb34a668-6145-4842-8873-5b4f33ecc929/WindowsServer2003-KB839643-IA64-ENU.EXE

        Microsoft Windows Server 2003 Standard Edition :
        Microsoft Patch Security Update for Windows Server 2003 (KB839643)
        
        http://download.microsoft.com/download/3/a/9/3a996897-848d-479d-933f-f7f13776db02/WindowsServer2003-KB839643-x86-ENU.EXE

        Microsoft Windows Server 2003 Enterprise Edition :
        Microsoft Patch Security Update for Windows Server 2003 (KB839643)
        
        http://download.microsoft.com/download/3/a/9/3a996897-848d-479d-933f-f7f13776db02/WindowsServer2003-KB839643-x86-ENU.EXE

        Microsoft Windows Server 2003 Datacenter Edition :
        Microsoft Patch Security Update for Windows Server 2003 (KB839643)
        
        http://download.microsoft.com/download/3/a/9/3a996897-848d-479d-933f-f7f13776db02/WindowsServer2003-KB839643-x86-ENU.EXE

        Microsoft Windows Server 2003 Web Edition :
        Microsoft Patch Security Update for Windows Server 2003 (KB839643)
        
        http://download.microsoft.com/download/3/a/9/3a996897-848d-479d-933f-f7f13776db02/WindowsServer2003-KB839643-x86-ENU.EXE

        Microsoft Windows Server 2003 Enterprise Edition 64-bit :
        Microsoft Patch Security Update for Windows Server 2003 64 Bit Ed. and Windows XP 64 Bit Ed. V.2003 (KB839643)
        
        http://download.microsoft.com/download/e/b/3/eb34a668-6145-4842-8873-5b4f33ecc929/WindowsServer2003-KB839643-IA64-ENU.EXE

        Microsoft Windows Server 2003 Datacenter Edition 64-bit :
        Microsoft Patch Security Update for Windows Server 2003 64 Bit Ed. and Windows XP 64 Bit Ed. V.2003 (KB839643)
        
        http://download.microsoft.com/download/e/b/3/eb34a668-6145-4842-8873-5b4f33ecc929/WindowsServer2003-KB839643-IA64-ENU.EXE

        Microsoft Windows XP 64-bit Edition Version 2003 :
        Microsoft Patch Security Update for Windows Server 2003 64 Bit Ed. and Windows XP 64 Bit Ed. V.2003 (KB839643)
        
        http://download.microsoft.com/download/e/b/3/eb34a668-6145-4842-8873-5b4f33ecc929/WindowsServer2003-KB839643-IA64-ENU.EXE

        Microsoft Windows XP Professional :
        Microsoft Patch Security Update for Windows XP (KB839643)
        
        http://download.microsoft.com/download/1/e/5/1e5d946b-3ee9-4c6a-b364-0eb45aef8146/WindowsXP-KB839643-x86-ENU.EXE

        Microsoft Windows XP Home :
        Microsoft Patch Security Update for Windows XP (KB839643)
        
        http://download.microsoft.com/download/1/e/5/1e5d946b-3ee9-4c6a-b364-0eb45aef8146/WindowsXP-KB839643-x86-ENU.EXE

        Microsoft Windows XP 64-bit Edition :
        Microsoft Patch Security Update for Windows XP 64-bit Edition (KB839643)
        

- 漏洞信息 (F33505)

ms04-016.txt (PacketStormID:F33505)
2004-06-09 00:00:00
 
advisory,denial of service
CVE-2004-0202
[点击下载]

Microsoft Security Bulletin - A denial of service vulnerability exists in the implementation of the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay because of a lack of robust packet validation.

Microsoft Security Bulletin MS04-016


    Vulnerability in DirectPlay Could Allow Denial of Service (839643)

*Issued:* June 8, 2004
*Version:* 1.0


      Summary

*Who should read this document:* Customers who use Microsoft    

- 漏洞信息

6742
Microsoft DirectPlay Packet Validation DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability

- 漏洞描述

Microsoft DirectPlay contains a flaw that may allow a remote denial of service. The issue is due to the implementation of the IDirectPlay4 API of Microsoft DirectPlay improperly validating packets. By sending a specially crafted packet, a remote attacker can crash the networked DirectPlay applications, resulting in a loss of availability.

- 时间线

2004-06-08 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Microsoft DirectX DirectPlay Remote Malformed Packet Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 10487
Yes No
2004-06-08 12:00:00 2009-07-12 05:16:00
This issue was discovered by John Lampe of Tenable Network Security.

- 受影响的程序版本

Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows ME
Microsoft Windows 98SE
Microsoft Windows 98
Microsoft Windows 2000 Terminal Services SP4
+ Microsoft Windows 2000 Advanced Server SP4
+ Microsoft Windows 2000 Datacenter Server SP4
+ Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Terminal Services SP3
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Terminal Services SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft DirectX 9.0b
Microsoft DirectX 9.0 a
+ Microsoft Windows 2000 Advanced Server SP4
+ Microsoft Windows 2000 Advanced Server SP4
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Datacenter Server SP4
+ Microsoft Windows 2000 Datacenter Server SP4
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Professional SP4
+ Microsoft Windows 2000 Professional SP4
+ Microsoft Windows 2000 Professional SP3
+ Microsoft Windows 2000 Professional SP3
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Server SP4
+ Microsoft Windows 2000 Server SP4
+ Microsoft Windows 2000 Server SP3
+ Microsoft Windows 2000 Server SP3
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
+ Microsoft Windows ME
+ Microsoft Windows ME
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP 0
+ Microsoft Windows XP 64-bit Edition SP1
+ Microsoft Windows XP 64-bit Edition SP1
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP Home SP1
+ Microsoft Windows XP Home SP1
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Media Center Edition
+ Microsoft Windows XP Media Center Edition
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
Microsoft DirectX 8.2
Microsoft DirectX 8.1 b
Microsoft DirectX 8.1 a
Microsoft DirectX 8.1
Microsoft DirectX 8.0 a
Microsoft DirectX 8.0
Microsoft DirectX 7.1
Microsoft DirectX 7.0 a
+ Microsoft Windows ME
+ Microsoft Windows ME
Microsoft DirectX 7.0
+ Microsoft Windows 2000 Advanced Server SP4
+ Microsoft Windows 2000 Advanced Server SP4
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Datacenter Server SP4
+ Microsoft Windows 2000 Datacenter Server SP4
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Professional SP4
+ Microsoft Windows 2000 Professional SP4
+ Microsoft Windows 2000 Professional SP3
+ Microsoft Windows 2000 Professional SP3
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Server SP4
+ Microsoft Windows 2000 Server SP4
+ Microsoft Windows 2000 Server SP3
+ Microsoft Windows 2000 Server SP3
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Workstation 4.0
+ Microsoft Windows NT Workstation 4.0
Microsoft DirectX 6.1
+ Microsoft Windows 98SE
+ Microsoft Windows 98SE
Microsoft DirectX 5.2
+ Microsoft Windows 98
+ Microsoft Windows 98

- 不受影响的程序版本

Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Workstation 4.0
+ Microsoft Windows NT Workstation 4.0
Microsoft DirectX 6.1
+ Microsoft Windows 98SE
+ Microsoft Windows 98SE
Microsoft DirectX 5.2
+ Microsoft Windows 98
+ Microsoft Windows 98

- 漏洞讨论

Microsoft DirectX DirectPlay is affected by a remote denial of service vulnerability. This issue is due to a failure of the affected library to properly handle malformed network data.

An attacker can exploit this vulnerability to cause an application using the affected DirectPlay library to crash, denying service to legitimate users.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Microsoft has released Microsoft Security Bulletin MS04-016 to address these issues. Please see the referenced bulletin for more information.


Microsoft DirectX 9.0 a

Microsoft DirectX 8.1 b

Microsoft Windows Server 2003 Datacenter Edition

Microsoft DirectX 8.1 a

Microsoft DirectX 8.2

Microsoft DirectX 8.0

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows Server 2003 Web Edition

Microsoft DirectX 8.0 a

Microsoft DirectX 9.0b

Microsoft DirectX 8.1

Microsoft Windows Server 2003 Standard Edition

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站