CVE-2004-0202 [Medium] | Denial of Service in Directx

CVE-2004-0202 is rated Moderate Risk (56.7/100): CVSS Medium severity, with high exploitation likelihood (EPSS 32.29%, 97th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +2.82% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-28	29.47%	32.29%	+2.82%
2	2025-12-27	32.29%	29.47%	-2.82%
3	2025-10-28	—	32.29%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-12-28

29.47%

32.29%

+2.82%

2025-12-27

32.29%

29.47%

-2.82%

2025-10-28

—

32.29%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	10.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.0

2.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

2.9

[email protected]

Affected software / configurations for CVE-2004-0202

Vendor	Product	Version	Raw CPE
microsoft	directx	7.0	cpe:2.3:a:microsoft:directx:7.0:::::::*
microsoft	directx	7.0a	cpe:2.3:a:microsoft:directx:7.0a:::::::*
microsoft	directx	7.1	cpe:2.3:a:microsoft:directx:7.1:::::::*
microsoft	directx	8.0	cpe:2.3:a:microsoft:directx:8.0:::::::*
microsoft	directx	8.0a	cpe:2.3:a:microsoft:directx:8.0a:::::::*
microsoft	directx	8.1	cpe:2.3:a:microsoft:directx:8.1:::::::*
microsoft	directx	8.1a	cpe:2.3:a:microsoft:directx:8.1a:::::::*
microsoft	directx	8.1b	cpe:2.3:a:microsoft:directx:8.1b:::::::*
microsoft	directx	8.2	cpe:2.3:a:microsoft:directx:8.2:::::::*
microsoft	directx	9.0a	cpe:2.3:a:microsoft:directx:9.0a:::::::*
microsoft	directx	9.0b	cpe:2.3:a:microsoft:directx:9.0b:::::::*
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp2::::::*
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp3::::::*
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
microsoft	windows_2003_server	enterprise	cpe:2.3:o:microsoft:windows_2003_server:enterprise::64-bit:::::
microsoft	windows_2003_server	enterprise_64-bit	cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:::::::*
microsoft	windows_2003_server	r2	cpe:2.3:o:microsoft:windows_2003_server:r2::64-bit:::::
microsoft	windows_2003_server	r2	cpe:2.3:o:microsoft:windows_2003_server:r2::datacenter_64-bit:::::
microsoft	windows_2003_server	standard	cpe:2.3:o:microsoft:windows_2003_server:standard::64-bit:::::
microsoft	windows_2003_server	web	cpe:2.3:o:microsoft:windows_2003_server:web:::::::*
microsoft	windows_98	—	cpe:2.3:o:microsoft:windows_98::gold::::::*
microsoft	windows_98se	—	cpe:2.3:o:microsoft:windows_98se::::::::
microsoft	windows_me	—	cpe:2.3:o:microsoft:windows_me::::::::
microsoft	windows_xp	—	cpe:2.3:o:microsoft:windows_xp:::64-bit:::::*
microsoft	windows_xp	—	cpe:2.3:o:microsoft:windows_xp:::home:::::*
microsoft	windows_xp	—	cpe:2.3:o:microsoft:windows_xp::gold:professional:::::
microsoft	windows_xp	—	cpe:2.3:o:microsoft:windows_xp::sp1:64-bit:::::
microsoft	windows_xp	—	cpe:2.3:o:microsoft:windows_xp::sp1:home:::::

References for CVE-2004-0202

URL	Tags
http://secunia.com/advisories/11802
http://www.osvdb.org/6742
http://www.securityfocus.com/bid/10487	Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-016
https://exchange.xforce.ibmcloud.com/vulnerabilities/16306
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1027
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2190
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2413
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2705

URL

CVE-2004-0202

Exploit prediction scoring system (EPSS) score for CVE-2004-0202

Common vulnerability scoring system (CVSS) metrics for CVE-2004-0202

Weakness enumeration for CVE-2004-0202

Affected software / configurations for CVE-2004-0202

References for CVE-2004-0202