Vulnerability Name:

CVE-2004-0202 (CCN-16306)

Assigned:2004-06-08
Published:2004-06-08
Updated:2019-04-30
Summary:IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2004-0202

Source: CCN
Type: SA11802
Microsoft DirectPlay Packet Validation Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
11802

Source: CCN
Type: Microsoft Security Bulletin MS04-016
Vulnerability in DirectPlay Could Allow Denial of Service (839643)

Source: OSVDB
Type: UNKNOWN
6742

Source: CCN
Type: OSVDB ID: 6742
Microsoft DirectPlay Packet Validation DoS

Source: BID
Type: Patch, Vendor Advisory
10487

Source: CCN
Type: BID-10487
Microsoft DirectX DirectPlay Remote Malformed Packet Denial Of Service Vulnerability

Source: MS
Type: UNKNOWN
MS04-016

Source: XF
Type: UNKNOWN
ms-directx-directplay-dos(16306)

Source: XF
Type: UNKNOWN
ms-directx-directplay-dos(16306)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1027

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2190

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2413

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2516

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2705

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:directx:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:directx:7.0a:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:directx:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:directx:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:directx:8.0a:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:directx:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:directx:8.1a:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:directx:8.1b:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:directx:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:directx:9.0a:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:directx:9.0b:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:x64:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1027
    V
    		Windows 2000 DirectPlay Denial of Service
    2016-02-19
    oval:org.mitre.oval:def:2705
    V
    		Windows XP/Server 2003 DirectPlay Denial of Service (Test 2)
    2016-02-19
    oval:org.mitre.oval:def:2190
    V
    		Windows XP (32-Bit) DirectPlay Denial of Service
    2016-02-19
    oval:org.mitre.oval:def:2413
    V
    		Windows XP (64-Bit) DirectPlay Denial of Service
    2016-02-19
    oval:org.mitre.oval:def:2516
    V
    		Windows Server 2003 (32-Bit) DirectPlay Denial of Service
    2016-02-19
    BACK
    microsoft directx 7.0
    microsoft directx 7.0a
    microsoft directx 7.1
    microsoft directx 8.0
    microsoft directx 8.0a
    microsoft directx 8.1
    microsoft directx 8.1a
    microsoft directx 8.1b
    microsoft directx 8.2
    microsoft directx 9.0a
    microsoft directx 9.0b
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows 2003 server enterprise
    microsoft windows 2003 server enterprise_64-bit
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2
    microsoft windows 2003 server standard
    microsoft windows 2003 server web
    microsoft windows 98 * gold
    microsoft windows 98se *
    microsoft windows me *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows 98 *
    microsoft windows me *
    microsoft windows xp
    microsoft windows 2000 - sp2
    microsoft windows 2000 - sp3
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows 2003 server *
    microsoft windows xp - sp1