Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:5DB0B3D5476DA0FD443DEB3091F6C2B3
HistoryJul 18, 2006 - 12:00 a.m.

ntdll.dll buffer overflow via IIS 5.0 WebDAV

2006-07-1800:00:00
SAINT Corporation
download.saintcorporation.com
88

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON

Added: 07/18/2006
CVE: CVE-2003-0109
BID: 7116
OSVDB: 4467

Background

The dynamic link library **ntdll.dll** is a core component of the Windows operating system. It is used by many operating system components including the WebDAV component of Microsoft IIS.

Problem

A buffer overflow in **ntdll.dll** allows remote attackers to execute arbitrary commands with LocalSystem privileges by sending a long, specially crafted WebDAV request to IIS 5.0.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 03-007.

References

<http://www.cert.org/advisories/CA-2003-09.html&gt;

Limitations

Exploit works on Windows 2000 running IIS 5.0 web server with WebDAV enabled. Failure may cause the web service to become unresponsive but still remain listening.

Related

openvas 2
securityvulns 2
canvas 1
cve 1
saint 3
nessus 2
exploitpack 1
packetstorm 1
cert 1
seebug 1
checkpoint_advisories 3
exploitdb 1
trendmicroblog 1
openvas
openvas
Unchecked Buffer in ntdll.dll (Q815021)
2005-11-03 00:00:00
Unchecked Buffer in ntdll.dll (Q815021)
2005-11-03 00:00:00
securityvulns
securityvulns
[Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007
2003-06-02 00:00:00
CERT Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0
2003-03-18 00:00:00
canvas
canvas
Immunity Canvas: MS03_007
2003-03-31 05:00:00
cve
cve
CVE-2003-0109
2003-03-31 05:00:00
saint
saint
ntdll.dll buffer overflow via IIS 5.0 WebDAV
2006-07-18 00:00:00
ntdll.dll buffer overflow via IIS 5.0 WebDAV
2006-07-18 00:00:00
ntdll.dll buffer overflow via IIS 5.0 WebDAV
2006-07-18 00:00:00
nessus
nessus
Microsoft IIS WebDAV ntdll.dll Remote Overflow (MS03-007)
2003-03-18 00:00:00
MS03-007: Unchecked Buffer in ntdll.dll (815021)
2003-03-18 00:00:00
exploitpack
exploitpack
Microsoft IIS 5.0 - WebDAV Remote
2003-03-24 00:00:00
packetstorm
packetstorm
Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
2009-11-26 00:00:00
cert
cert
Buffer Overflow in Core Microsoft Windows DLL
2003-03-17 00:00:00
seebug
seebug
MS Windows WebDAV Remote PoC Exploit
2006-10-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft IIS WebDAV Remote Buffer Overflow (MS03-007) - Ver2 (CVE-2003-0109)
2014-12-28 00:00:00
Microsoft IIS WebDAV Remote Buffer Overflow (MS03-007; CVE-2003-0109)
2009-12-13 00:00:00
HTTP Methods (CAN-2003-0109; CVE-2007-1560; CVE-2015-1499)
2015-06-14 00:00:00
exploitdb
exploitdb
Microsoft IIS 5.0 - WebDAV Remote
2003-03-24 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 17, 2017
2017-04-21 18:23:45

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON
Related for SAINT:5DB0B3D5476DA0FD443DEB3091F6C2B3
openvas2securityvulns2canvas1cve1saint3nessus2exploitpack1packetstorm1cert1seebug1checkpoint_advisories3exploitdb1trendmicroblog1