Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:A5F50B2108393522C5D4F7BA3145465F
HistoryOct 13, 2006 - 12:00 a.m.

Microsoft SSL library PCT buffer overflow

2006-10-1300:00:00
SAINT Corporation
www.saintcorporation.com
18

0.958 High

EPSS

Percentile

99.4%

JSON

Added: 10/13/2006
CVE: CVE-2003-0719
BID: 10116
OSVDB: 5250

Background

The Microsoft Secure Sockets Layer (SSL) library provides support for a number of secure communication protocols, including the Private Communication Technology (PCT) protocol. Since PCT has been superceded by SSL 3.0, the Microsoft SSL library supports it for backwards compatibility only. The Microsoft SSL library is used by many applications, including Microsoft Internet Information Services (IIS).

Problem

A buffer overflow in the Microsoft SSL library when handling the PCT protocol allows remote attackers to execute arbitrary commands by sending a specially crafted message to an application which uses SSL.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 04-011.

References

<http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx&gt;
<http://www.kb.cert.org/vuls/id/586540&gt;

Limitations

Exploit works on Microsoft IIS 5.0 and 5.1.

Platforms

Windows 2000
Windows XP

Related

saint 3
cert 1
cve 1
canvas 1
nvd 1
cvelist 1
packetstorm 1
checkpoint_advisories 4
nessus 1
openvas 1
securityvulns 2
saint
saint
Microsoft SSL library PCT buffer overflow
2006-10-13 00:00:00
Microsoft SSL library PCT buffer overflow
2006-10-13 00:00:00
Microsoft SSL library PCT buffer overflow
2006-10-13 00:00:00
cert
cert
Microsoft Private Communication Technology (PCT) fails to properly validate message inputs
2004-04-14 00:00:00
cve
cve
CVE-2003-0719
2004-06-01 04:00:00
canvas
canvas
Immunity Canvas: MS04_011_SSLPCT
2004-06-01 04:00:00
nvd
nvd
CVE-2003-0719
2004-06-01 04:00:00
cvelist
cvelist
CVE-2003-0719
2004-04-16 04:00:00
packetstorm
packetstorm
Microsoft Private Communications Transport Overflow
2009-11-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SSL Library Private Communications Transport Buffer Overflow - Ver2 (CVE-2003-0719)
2014-12-28 00:00:00
Non Compliant SSL (CVE-2003-0719; CVE-2004-0826)
2013-08-16 00:00:00
SSL - General Settings (CVE-2003-0719; CVE-2004-0826)
2005-02-01 00:00:00
nessus
nessus
MS04-011: Microsoft Hotfix (credentialed check) (835732)
2004-04-13 00:00:00
openvas
openvas
Microsoft Windows MS04-011 Security Check
2009-03-15 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS04-011
2004-04-14 00:00:00
US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products
2004-04-14 00:00:00

0.958 High

EPSS

Percentile

99.4%

JSON
Related for SAINT:A5F50B2108393522C5D4F7BA3145465F
saint3cert1cve1canvas1nvd1cvelist1packetstorm1checkpoint_advisories4nessus1openvas1securityvulns2