Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0812

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0812
Last Modified 10 Sep 2008 03:20:30
Published 15 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0812

Summary

Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Xp


References

CERT-VN - VU#567620

CERT - CA-2003-28

BID - 9011

MS - MS03-049

BUGTRAQ - 20031111 EEYE: Windows Workstation Service Remote Buffer Overflow

CISCO - 20040129 Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)

BUGTRAQ - 20031112 Proof of concept for Windows Workstation Service overflow


Last Updated: 27 May 2016 10:38:04