CVE-2003-0109 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Microsoft	Windows 2000	All versions
Microsoft	Windows 2000 Terminal Services	All versions

References

http://marc.info/?l=bugtraq&m=104826476427372&w=2
http://marc.info/?l=bugtraq&m=104861839130254&w=2
http://marc.info/?l=bugtraq&m=104869293619064&w=2
http://marc.info/?l=bugtraq&m=104887148323552&w=2
http://marc.info/?l=bugtraq&m=105768156625699&w=2
http://marc.info/?l=ntbugtraq&m=104826785731151&w=2
http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ815021
http://www.cert.org/advisories/CA-2003-09.htmlPatchThird Party AdvisoryUS Government Resource
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029PatchVendor Advisory
http://www.iss.net/security_center/static/11533.phpPatchVendor Advisory
http://www.kb.cert.org/vuls/id/117394US Government Resource
http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
http://www.securityfocus.com/bid/7116ExploitPatchVendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-00

FAQ

What is CVE-2003-0109?

CVE-2003-0109 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a ...

How severe is CVE-2003-0109?

CVE-2003-0109 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0109?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2000 Terminal Services.