CVE-2004-0193

Published: Mar 15, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Affected (14)

Products: Iss: Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection, Realsecure Desktop, Realsecure Guard, Realsecure Network, Realsecure Sentry, Realsecure Server Sensor, Proventia A Series Xpu, Proventia G Series Xpu, Proventia M Series Xpu

Iss

11 products

Blackice Agent Server

Blackice Pc Protection

Blackice Server Protection

Realsecure Server Sensor

Proventia A Series Xpu

Proventia G Series Xpu

Proventia M Series Xpu

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Iss Blackice Agent Server	Version 3.6eca
Iss Blackice Pc Protection	Version 3.6cbd
Iss Blackice Server Protection	Version 3.6cbz
Iss Realsecure Desktop	Version 3.6eca
Iss Realsecure Desktop	Version 3.6ecf
Iss Realsecure Desktop	Version 7.0ebg
Iss Realsecure Desktop	Version 7.0epk
Iss Realsecure Guard	Version 3.6ecb
Iss Realsecure Network	Version 7.0 xpu_20.15
Iss Realsecure Sentry	Version 3.6ecf
Iss Realsecure Server Sensor	Version 7.0 xpu20.16