Description
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Product(s):
- Microsoft DirectX 7.0
- Microsoft DirectX 7.0a
- Microsoft DirectX 7.1
- Microsoft DirectX 8.0
- Microsoft DirectX 8.0a
- Microsoft DirectX 8.1
- Microsoft DirectX 8.1a
- Microsoft DirectX 8.1b
- Microsoft DirectX 8.2
- Microsoft DirectX 9.0a
- Microsoft DirectX 9.0b
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft windows 2000_sp2
- Microsoft Windows 2000 Service Pack 2 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 2 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 2 Professional Edition
- Microsoft Windows 2000 Service Pack 2 Server Edition
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server SP2
- Microsoft windows 2000_sp3
- Microsoft Windows 2000 Service Pack 3 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 3 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 3 Professional Edition
- Microsoft Windows 2000 Service Pack 3 Server Edition
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Service Pack 4 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 4 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 4 Professional Edition
- Microsoft Windows 2000 Service Pack 4 Server Edition
- Microsoft Windows 2000 Service Pack 4 French
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2003 Server Enterprise Edition 64-bit
- Microsoft Windows 2003 Server Enterprise 64-bit
- Microsoft Windows 2003 Server R2 64-bit
- Microsoft Windows 2003 Server R2 Datacenter 64-bit
- Microsoft Windows 2003 Server Standard on 64-bit
- Microsoft Windows 2003 Server Web Edition
- Microsoft Windows 98 Gold
- Microsoft windows 98_gold
- Microsoft Windows 98SE
- Microsoft windows 98_se
- Microsoft Windows ME
- Microsoft windows me_gold
- Microsoft Windows Millenium Edition SCD
- Microsoft Windows XP 64-bit
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Gold Professional
- Microsoft Windows XP SP1 64-bit
- Microsoft Windows XP SP1 Home
- Microsoft Windows XP (gold) Home Edition
- Microsoft Windows XP Professional Gold
- Microsoft Windows XP Service Pack 1 Home Edition
- Microsoft Windows XP Service Pack 2 Home Edition
- Microsoft Windows XP Service Pack 3 Home Edition
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0202, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0202 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.