CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.956 High
Percentile: 99.3%
Added: 10/13/2006
CVE: CVE-2003-0719
BID: 10116
OSVDB: 5250
The Microsoft Secure Sockets Layer (SSL) library provides support for a number of secure communication protocols, including the Private Communication Technology (PCT) protocol. Since PCT has been superseded by SSL 3.0, the Microsoft SSL library supports it for backwards compatibility only. The Microsoft SSL library is used by many applications, including Microsoft Internet Information Services (IIS).
A buffer overflow in the Microsoft SSL library when handling the PCT protocol allows remote attackers to execute arbitrary commands by sending a specially crafted message to an application which uses SSL.
Apply the patch referenced in Microsoft Security Bulletin 04-011.
<http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx>
<http://www.kb.cert.org/vuls/id/586540>
Exploit works on Microsoft IIS 5.0 and 5.1.
Windows 2000
Windows XP