Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0109

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0109
Last Modified 10 Sep 2008 03:17:57
Published 31 Mar 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0109

Summary

Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2000 Terminal Services


References

CERT - CA-2003-09

CERT-VN - VU#117394

BID - 7116

MS - MS03-007

XF - http-webdav-long-request(11533)

ISS - 20030317 Microsoft IIS WebDAV Remote Compromise Vulnerability

MISC - http://www.nextgenss.com/papers/ms03-007-ntdll.pdf

MSKB - Q815021

CONFIRM - http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en

NTBUGTRAQ - 20030321 New attack vectors and a vulnerability dissection of MS03-007

BUGTRAQ - 20030708 WDAV exploit without netcat and with pretty magic number

BUGTRAQ - 20030328 Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit

BUGTRAQ - 20030326 WebDAV exploit: using wide character decoder scheme

BUGTRAQ - 20030325 IIS 5.0 WebDAV -Proof of concept-. Fully documented.


Last Updated: 27 May 2016 10:37:47