Oval Definition:oval:org.mitre.oval:def:1749
Revision Date:2008-03-24Version:47
Title:Windows NT Long Share Names Vulnerability
Description:Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0214
Platform(s):Microsoft Windows NT
Product(s):Windows Shell
Definition Synopsis
  • Microsoft Windows NT is installed
  • AND a vulnerable version of shell32.dll exists
  • a vulnerable version of shell32.dll exists on NT Server
  • Windows NT server product option
  • this is an NT Server (stand-alone)
  • OR this is an NT Server (domain controller)
  • AND a vulnerable version of shell32.dll exists
  • Active Desktop is installed and shell32.dll is less than 4.72.3843.3100
  • Active Desktop is installed
  • AND the version of shell32.dll is less than 4.72.3843.3100
  • OR Active Desktop is not installed and shell32.dll is less than 4.0.1381.7267
  • NOT Active Desktop is installed
  • AND the version of shell32.dll is less than 4.0.1381.7267
  • OR a vulnerable version of shell32.dll exists on NT Terminal Server
  • this is an NT Terminal Server
  • AND the version of shell32.dll is less than 4.0.1381.3356
  • AND NOT the patch q841356 is installed (Hotfix key)
    • BACK