Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.SMB_NT_MS03-007.NASL
HistoryMar 18, 2003 - 12:00 a.m.

MS03-007: Unchecked Buffer in ntdll.dll (815021)

2003-03-1800:00:00
This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
www.tenable.com
62
JSON

The remote version of Windows contains a buffer overflow in the Windows kernel, that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.

For example this vulnerability can be exploited through the WebDAV component of IIS 5.0.

A public exploit is available.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(11413);
 script_version("1.50");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2003-0109");
 script_bugtraq_id(7116);
 script_xref(name:"MSFT", value:"MS03-007");
 script_xref(name:"CERT", value:"117394");
 script_xref(name:"MSKB", value:"815021");

 script_name(english:"MS03-007: Unchecked Buffer in ntdll.dll (815021)");
 script_summary(english:"Checks for MS Hotfix Q815021");

 script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host.");
 script_set_attribute(attribute:"description", value:
"The remote version of Windows contains a buffer overflow in the Windows
kernel, that could allow an attacker to execute arbitrary code on the
remote host with SYSTEM privileges.

For example this vulnerability can be exploited through the WebDAV
component of IIS 5.0.

A public exploit is available.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2003/ms03-007");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows NT, 2000 and XP.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'MS03-007 Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');

 script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/17");
 script_set_attribute(attribute:"patch_publication_date", value:"2003/03/17");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/18");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS03-007';
kb = "815021";

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(nt:'6', win2k:'2,3', xp:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Ntdll.dll", version:"5.1.2600.1217",                                dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:0, file:"Ntdll.dll", version:"5.1.2600.114",                                 dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0",       file:"Ntdll.dll", version:"5.0.2195.6685",                                dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0",       file:"Ntdll.dll", version:"4.0.1381.7212",                                dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0",       file:"Ntdll.dll", version:"4.0.1381.33546", min_version:"4.0.1381.33000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

openvas 2
canvas 1
securityvulns 2
cve 1
checkpoint_advisories 3
saint 4
nessus 1
exploitpack 1
packetstorm 1
cert 1
seebug 1
exploitdb 1
trendmicroblog 1
openvas
openvas
Unchecked Buffer in ntdll.dll (Q815021)
2005-11-03 00:00:00
Unchecked Buffer in ntdll.dll (Q815021)
2005-11-03 00:00:00
canvas
canvas
Immunity Canvas: MS03_007
2003-03-31 05:00:00
securityvulns
securityvulns
[Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007
2003-06-02 00:00:00
CERT Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0
2003-03-18 00:00:00
cve
cve
CVE-2003-0109
2003-03-31 05:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft IIS WebDAV Remote Buffer Overflow (MS03-007) - Ver2 (CVE-2003-0109)
2014-12-28 00:00:00
Microsoft IIS WebDAV Remote Buffer Overflow (MS03-007; CVE-2003-0109)
2009-12-13 00:00:00
HTTP Methods (CAN-2003-0109; CVE-2007-1560; CVE-2015-1499)
2015-06-14 00:00:00
saint
saint
ntdll.dll buffer overflow via IIS 5.0 WebDAV
2006-07-18 00:00:00
ntdll.dll buffer overflow via IIS 5.0 WebDAV
2006-07-18 00:00:00
ntdll.dll buffer overflow via IIS 5.0 WebDAV
2006-07-18 00:00:00
nessus
nessus
Microsoft IIS WebDAV ntdll.dll Remote Overflow (MS03-007)
2003-03-18 00:00:00
exploitpack
exploitpack
Microsoft IIS 5.0 - WebDAV Remote
2003-03-24 00:00:00
packetstorm
packetstorm
Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
2009-11-26 00:00:00
cert
cert
Buffer Overflow in Core Microsoft Windows DLL
2003-03-17 00:00:00
seebug
seebug
MS Windows WebDAV Remote PoC Exploit
2006-10-24 00:00:00
exploitdb
exploitdb
Microsoft IIS 5.0 - WebDAV Remote
2003-03-24 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 17, 2017
2017-04-21 18:23:45
JSON
Related for SMB_NT_MS03-007.NASL
openvas2canvas1securityvulns2cve1checkpoint_advisories3saint4nessus1exploitpack1packetstorm1cert1seebug1exploitdb1trendmicroblog1