CVE-2004-0193

Name: CVE-2004-0193
Creator: NVD / NIST
Published: 2004-03-15T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 8.00%

Last modified Jun 16, 2026

CVE-2004-0193 is a vulnerability of currently unknown severity. Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.. EPSS estimates a 8.00% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Metrics

EPSS Probability

8.00%

94.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Iss	Blackice Agent Server	3.6eca	—
Iss	Blackice Pc Protection	3.6cbd	—
Iss	Blackice Server Protection	3.6cbz	—
Iss	Realsecure Desktop	3.6eca	—
Iss	Realsecure Desktop	3.6ecf	—
Iss	Realsecure Desktop	7.0ebg	—
Iss	Realsecure Desktop	7.0epk	—
Iss	Realsecure Guard	3.6ecb	—
Iss	Realsecure Network	7.0	Xpu 20.15
Iss	Realsecure Sentry	3.6ecf	—
Iss	Realsecure Server Sensor	7.0	Xpu20.16
Iss	Proventia A Series Xpu	20.15	—
Iss	Proventia G Series Xpu	22.3	—
Iss	Proventia M Series Xpu	1.30	—

References

http://marc.info/?l=bugtraq&m=107789851117176&w=2
http://secunia.com/advisories/10988
http://www.eeye.com/html/Research/Advisories/AD20040226.html
http://www.eeye.com/html/Research/Upcoming/20040213.htmlVendor Advisory
http://www.kb.cert.org/vuls/id/150326Patch, Third Party Advisory, US Government Resource
http://www.osvdb.org/4072
http://www.securityfocus.com/bid/9752
http://xforce.iss.net/xforce/alerts/id/165Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15207
http://marc.info/?l=bugtraq&m=107789851117176&w=2
http://secunia.com/advisories/10988
http://www.eeye.com/html/Research/Advisories/AD20040226.html
http://www.eeye.com/html/Research/Upcoming/20040213.htmlVendor Advisory
http://www.kb.cert.org/vuls/id/150326Patch, Third Party Advisory, US Government Resource
http://www.osvdb.org/4072
http://www.securityfocus.com/bid/9752
http://xforce.iss.net/xforce/alerts/id/165Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15207

Timeline

Published: Mar 15, 2004
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2004-0193?

How severe is CVE-2004-0193?

Severity scoring for CVE-2004-0193 is pending analysis. The EPSS model estimates a 8.00% probability of exploitation in the next 30 days.

How do I fix CVE-2004-0193?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-0193?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST