7.6 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.104 Low
EPSS
Percentile
94.9%
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
www.cert.org/advisories/CA-2003-27.html
www.kb.cert.org/vuls/id/838572
www.securityfocus.com/bid/8830
docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-041
exchange.xforce.ibmcloud.com/vulnerabilities/13422
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A185
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A198