Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0660

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0660
Last Modified 10 Sep 2008 03:20:04
Published 17 Nov 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0660

Summary

The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp


References

CERT-VN - VU#838572

CERT - CA-2003-27

BID - 8830

MS - MS03-041

XF - win-authenticode-code-execution(13422)


Last Updated: 27 May 2016 10:38:00