Vulnerability Description
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | NetMeeting | All versions |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | R2 |
| Microsoft | Windows 98 | All versions |
| Microsoft | Windows ME | All versions |
| Microsoft | Windows NT | 4.0 |
| Microsoft | Windows XP | All versions |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020069.html
- http://marc.info/?l=bugtraq&m=108325860431471&w=2
- http://www.ciac.org/ciac/bulletins/o-114.shtml
- http://www.eeye.com/html/Research/Advisories/AD20040413C.html
- http://www.kb.cert.org/vuls/id/753212 (Patch, Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/10108
- http://www.us-cert.gov/cas/techalerts/TA04-104A.html (Third Party Advisory, US Government Resource)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15699
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2003-0533?
CVE-2003-0533 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4...
How severe is CVE-2003-0533?
CVE-2003-0533 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0533?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft NetMeeting, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows 98, Microsoft Windows ME.