| ID |
CVE-2003-0109
|
| Summary |
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 30-04-2019 - 14:27) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| oval
via4
|
| accepted | 2011-05-16T04:00:17.953-04:00 | | class | vulnerability | | contributors | | name | Tiffany Bergeron | | organization | The MITRE Corporation |
| name | Anna Min | | organization | BigFix, Inc |
| name | Sudhir Gandhe | | organization | Telos |
| name | Shane Shaffer | | organization | G2, Inc. |
| | description | Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0. | | family | windows | | id | oval:org.mitre.oval:def:109 | | status | accepted | | submitted | 2003-10-10T12:00:00.000-04:00 | | title | Windows ntdll.dll Buffer Overflow | | version | 67 |
|
| refmap
via4
|
| bid | 7116 | | bugtraq | - 20030321 New attack vectors and a vulnerability dissection of MS03-007
- 20030325 IIS 5.0 WebDAV -Proof of concept-. Fully documented.
- 20030326 WebDAV exploit: using wide character decoder scheme
- 20030328 Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit
- 20030708 WDAV exploit without netcat and with pretty magic number
| | cert | CA-2003-09 | | cert-vn | VU#117394 | | confirm | http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en | | iss | 20030317 Microsoft IIS WebDAV Remote Compromise Vulnerability | | misc | http://www.nextgenss.com/papers/ms03-007-ntdll.pdf | | mskb | Q815021 | | ntbugtraq | 20030321 New attack vectors and a vulnerability dissection of MS03-007 | | vulnwatch | 20030317 Microsoft IIS 5.0 WebDAV remote buffer overflow | | xf | http-webdav-long-request(11533) |
|
| saint
via4
|
| bid | 7116 | | description | ntdll.dll buffer overflow via IIS 5.0 WebDAV | | id | win_patch_ntdll,web_server_iis_webdav | | osvdb | 4467 | | title | iis5_webdav | | type | remote |
|
| Last major update |
30-04-2019 - 14:27 |
| Published |
31-03-2003 - 05:00 |
| Last modified |
30-04-2019 - 14:27 |
