1. CVE-Search
  2. CVE-2003-0719
ID CVE-2003-0719
Summary Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:netmeeting:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:netmeeting:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2007-05-23T15:05:26.193-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Glenn Strickland
      organization Secure Elements, Inc.
    description Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
    family windows
    id oval:org.mitre.oval:def:1093
    status accepted
    submitted 2004-04-13T12:00:00.000-04:00
    title Windows Server 2003 SSL PCT Handshake Vulnerability
    version 65
  • accepted 2011-05-16T04:03:33.420-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Glenn Strickland
      organization Secure Elements, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
    family windows
    id oval:org.mitre.oval:def:889
    status accepted
    submitted 2004-04-13T12:00:00.000-04:00
    title Windows XP SSL PCT Handshake Vulnerability
    version 72
  • accepted 2008-03-24T04:00:53.521-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Glenn Strickland
      organization Secure Elements, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
    family windows
    id oval:org.mitre.oval:def:903
    status accepted
    submitted 2004-04-13T12:00:00.000-04:00
    title Windows NT SSL PCT Handshake Vulnerability
    version 75
  • accepted 2007-05-23T15:05:55.915-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Glenn Strickland
      organization Secure Elements, Inc.
    description Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
    family windows
    id oval:org.mitre.oval:def:951
    status accepted
    submitted 2004-04-13T12:00:00.000-04:00
    title Windows 2000 SSL PCT Handshake Vulnerability
    version 65
refmap via4
bugtraq 20040430 A technical description of the SSL PCT vulnerability (CVE-2003-0719)
cert TA04-104A
cert-vn VU#586540
iss 20040413 Microsoft SSL Library Remote Compromise Vulnerability
saint via4
bid 10116
description Microsoft SSL library PCT buffer overflow
id win_patch_ms04011
osvdb 5250
title microsoft_ssl_pct
type remote
Last major update 12-10-2018 - 21:33
Published 01-06-2004 - 04:00
Last modified 12-10-2018 - 21:33
Back to Top