CVE-2004-0212

Exp

Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.

Published: 2004-08-06 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2004-0212 is rated High Exploit Risk (84.7/100): CVSS Critical severity, with high exploitation likelihood (EPSS 63.50%, 99th percentile). 2 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2004-0212

EDB-ID Source Kind Published Link
368 exploit_db edb 2004-07-31 Exploit-DB ↗
353 exploit_db edb 2004-07-18 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2004-0212

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 81.36% 63.50% -17.86%
2 2026-03-19 81.28% 81.36% +0.08%
3 2026-01-11 81.28%

Full EPSS history (19 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2004-0212

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 10.0 [email protected]

Weakness enumeration for CVE-2004-0212

Affected software / configurations for CVE-2004-0212

Vendor Product Version Raw CPE
avaya ip600_media_servers cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
microsoft ie 6.0 cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
avaya definity_one_media_server cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
avaya s8100 cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
avaya modular_messaging_message_storage_server s3400 cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
microsoft windows_2000 cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
microsoft windows_2000 cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
microsoft windows_2000 cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
microsoft windows_2000 cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
microsoft windows_2000 cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoft windows_nt 4.0 cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
microsoft windows_nt 4.0 cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
microsoft windows_nt 4.0 cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
microsoft windows_xp cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
microsoft windows_xp cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
microsoft windows_xp cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
microsoft windows_xp cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
microsoft windows_xp cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

References for CVE-2004-0212

URL Tags
http://marc.info/?l=bugtraq&m=108981273009250&w=2
http://marc.info/?l=bugtraq&m=108981403025596&w=2
http://secunia.com/advisories/12060
http://www.kb.cert.org/vuls/id/228028 US Government Resource
http://www.ngssoftware.com/advisories/mstaskjob.txt
http://www.us-cert.gov/cas/techalerts/TA04-196A.html Patch Third Party Advisory US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022
https://exchange.xforce.ibmcloud.com/vulnerabilities/16591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428
cvelogic Threat Intelligence