What is the severity of CVE-2004-1306?

CVE-2004-1306 is classified as critical due to the potential for remote code execution.

How do I fix CVE-2004-1306?

To remediate CVE-2004-1306, users should apply the latest patches provided by Microsoft for their affected systems.

Which systems are vulnerable to CVE-2004-1306?

Vulnerable systems include Windows NT, Windows 2000, Windows XP up to SP2, and Windows 2003.

What are the risks associated with CVE-2004-1306?

The risks involve attackers being able to execute arbitrary code on the affected systems if a malicious .hlp file is opened.

Can CVE-2004-1306 be exploited remotely?

Yes, CVE-2004-1306 can be exploited remotely by a user opening a maliciously crafted .hlp file.

Vulnerability/
CVE-2004-1306

medium

5.1

CWE

NVD-CWE-Other 119

31/12/2004

19/1/2005

8/8/2024

CVE-2004-1306: Buffer Overflow

First published: Fri Dec 31 2004(Updated: )

Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Microsoft Windows NT	=4.0-sp5
Microsoft Windows 2003 Server	=web-sp1_beta_1
Microsoft Windows XP	=sp1
Microsoft Windows NT	=4.0-sp3
Microsoft Windows 2003 Server	=web
Microsoft Windows 2003 Server	=enterprise
Microsoft Windows NT	=4.0-sp6a
Microsoft Windows 2003 Server	=enterprise_64-bit
Microsoft Windows 2003 Server	=enterprise-sp1_beta_1
Microsoft Windows XP	=gold
Microsoft Windows 2000
Microsoft Windows NT	=4.0-sp6
Microsoft Windows XP
Microsoft Windows NT	=4.0
Microsoft Windows NT	=4.0-sp1
Microsoft Windows NT	=4.0-sp3
Microsoft Windows 2000	=sp4
Microsoft Windows XP	=sp2
Microsoft Windows 2003 Server	=datacenter_64-bit-sp1_beta_1
Microsoft Windows XP
Microsoft Windows NT	=4.0-sp6
Microsoft Windows NT	=4.0-sp4
Microsoft Windows XP	=sp1
Microsoft Windows NT	=4.0-sp5
Microsoft Windows 2000	=sp2
Microsoft Windows 2003 Server	=standard-sp1_beta_1
Microsoft Windows NT	=4.0-sp6
Microsoft Windows NT	=4.0
Microsoft Windows NT	=4.0-sp4
Microsoft Windows NT	=4.0-sp2
Microsoft Windows 2003 Server	=r2
Microsoft Windows NT	=4.0-sp6a
Microsoft Windows NT	=4.0
Microsoft Windows NT	=4.0-sp6a
Microsoft Windows NT	=4.0-sp4
Microsoft Windows 2003 Server	=r2-sp1_beta_1
Microsoft Windows NT	=4.0-sp2
Microsoft Windows NT	=4.0-sp1
Microsoft Windows 2000	=sp1
Microsoft Windows NT	=4.0-sp4
Microsoft Windows NT	=4.0-sp6
Microsoft Windows XP	=sp2
Microsoft Windows XP
Microsoft Windows NT	=4.0-sp3
Microsoft Windows NT	=4.0-sp1
Microsoft Windows NT	=4.0-sp2
Microsoft Windows NT	=4.0-sp5
Microsoft Windows NT	=4.0-sp1
Microsoft Windows XP	=sp1
Microsoft Windows 2003 Server	=standard
Microsoft Windows NT	=4.0
Microsoft Windows NT	=4.0-sp6a
Microsoft Windows NT	=4.0-sp3
Microsoft Windows 2003 Server	=enterprise_64-bit-sp1_beta_1
Microsoft Windows 2003 Server	=r2
Microsoft Windows NT	=4.0-sp5
Microsoft Windows NT	=4.0-sp2
Microsoft Windows 2000	=sp3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-1306?
CVE-2004-1306 is classified as critical due to the potential for remote code execution.
How do I fix CVE-2004-1306?
To remediate CVE-2004-1306, users should apply the latest patches provided by Microsoft for their affected systems.
Which systems are vulnerable to CVE-2004-1306?
Vulnerable systems include Windows NT, Windows 2000, Windows XP up to SP2, and Windows 2003.
What are the risks associated with CVE-2004-1306?
The risks involve attackers being able to execute arbitrary code on the affected systems if a malicious .hlp file is opened.
Can CVE-2004-1306 be exploited remotely?
Yes, CVE-2004-1306 can be exploited remotely by a user opening a maliciously crafted .hlp file.

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/tags
agent/author
agent/description
agent/event
agent/source
vendor/microsoft
canonical/microsoft windows nt
version/microsoft windows nt/4.0-sp5
canonical/microsoft windows 2003 server
version/microsoft windows 2003 server/web-sp1_beta_1
canonical/microsoft windows xp
version/microsoft windows xp/sp1
version/microsoft windows nt/4.0-sp3
version/microsoft windows 2003 server/web
version/microsoft windows 2003 server/enterprise
version/microsoft windows nt/4.0-sp6a
version/microsoft windows 2003 server/enterprise_64-bit
version/microsoft windows 2003 server/enterprise-sp1_beta_1
version/microsoft windows xp/gold
canonical/microsoft windows 2000
version/microsoft windows nt/4.0-sp6
version/microsoft windows nt/4.0
version/microsoft windows nt/4.0-sp1
version/microsoft windows 2000/sp4
version/microsoft windows xp/sp2
version/microsoft windows 2003 server/datacenter_64-bit-sp1_beta_1
version/microsoft windows nt/4.0-sp4
version/microsoft windows 2000/sp2
version/microsoft windows 2003 server/standard-sp1_beta_1
version/microsoft windows nt/4.0-sp2
version/microsoft windows 2003 server/r2
version/microsoft windows 2003 server/r2-sp1_beta_1
version/microsoft windows 2000/sp1
version/microsoft windows 2003 server/standard
version/microsoft windows 2003 server/enterprise_64-bit-sp1_beta_1
version/microsoft windows 2000/sp3