Vulnerability Details CVE-2003-0109
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.887
EPSS Ranking 99.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=104826476427372&w=2
- http://marc.info/?l=bugtraq&m=104861839130254&w=2
- http://marc.info/?l=bugtraq&m=104869293619064&w=2
- http://marc.info/?l=bugtraq&m=104887148323552&w=2
- http://marc.info/?l=bugtraq&m=105768156625699&w=2
- http://marc.info/?l=ntbugtraq&m=104826785731151&w=2
- http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ815021
- http://www.cert.org/advisories/CA-2003-09.html
- http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029
- http://www.iss.net/security_center/static/11533.php
- http://www.kb.cert.org/vuls/id/117394
- http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
- http://www.securityfocus.com/bid/7116
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-007
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A109
- http://marc.info/?l=bugtraq&m=104826476427372&w=2
- http://marc.info/?l=bugtraq&m=104861839130254&w=2
- http://marc.info/?l=bugtraq&m=104869293619064&w=2
- http://marc.info/?l=bugtraq&m=104887148323552&w=2
- http://marc.info/?l=bugtraq&m=105768156625699&w=2
- http://marc.info/?l=ntbugtraq&m=104826785731151&w=2
- http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ815021
- http://www.cert.org/advisories/CA-2003-09.html
- http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029
- http://www.iss.net/security_center/static/11533.php
- http://www.kb.cert.org/vuls/id/117394
- http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
- http://www.securityfocus.com/bid/7116
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-007
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A109
Products affected by CVE-2003-0109
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_2000:beta3
-
cpe:2.3:o:microsoft:windows_2000_terminal_services:-