Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:CA7EDA0BC1DDEF355A076E7F94C76958
HistoryOct 13, 2006 - 12:00 a.m.

Microsoft SSL library PCT buffer overflow

2006-10-1300:00:00
SAINT Corporation
my.saintcorporation.com
15

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.956 High

EPSS

Percentile

99.3%

JSON

Added: 10/13/2006
CVE: CVE-2003-0719
BID: 10116
OSVDB: 5250

Background

The Microsoft Secure Sockets Layer (SSL) library provides support for a number of secure communication protocols, including the Private Communication Technology (PCT) protocol. Since PCT has been superceded by SSL 3.0, the Microsoft SSL library supports it for backwards compatibility only. The Microsoft SSL library is used by many applications, including Microsoft Internet Information Services (IIS).

Problem

A buffer overflow in the Microsoft SSL library when handling the PCT protocol allows remote attackers to execute arbitrary commands by sending a specially crafted message to an application which uses SSL.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 04-011.

References

<http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx&gt;
<http://www.kb.cert.org/vuls/id/586540&gt;

Limitations

Exploit works on Microsoft IIS 5.0 and 5.1.

Platforms

Windows 2000
Windows XP

Related

saint 3
canvas 1
cert 1
cve 1
packetstorm 1
checkpoint_advisories 4
nessus 1
securityvulns 2
openvas 1
saint
saint
Microsoft SSL library PCT buffer overflow
2006-10-13 00:00:00
Microsoft SSL library PCT buffer overflow
2006-10-13 00:00:00
Microsoft SSL library PCT buffer overflow
2006-10-13 00:00:00
canvas
canvas
Immunity Canvas: MS04_011_SSLPCT
2004-06-01 04:00:00
cert
cert
Microsoft Private Communication Technology (PCT) fails to properly validate message inputs
2004-04-14 00:00:00
cve
cve
CVE-2003-0719
2004-06-01 04:00:00
packetstorm
packetstorm
Microsoft Private Communications Transport Overflow
2009-11-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SSL Library Private Communications Transport Buffer Overflow - Ver2 (CVE-2003-0719)
2014-12-28 00:00:00
SSL - General Settings (CVE-2003-0719; CVE-2004-0826)
2005-02-01 00:00:00
Non Compliant SSL (CVE-2003-0719; CVE-2004-0826)
2013-08-16 00:00:00
nessus
nessus
MS04-011: Microsoft Hotfix (credentialed check) (835732)
2004-04-13 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS04-011
2004-04-14 00:00:00
US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products
2004-04-14 00:00:00
openvas
openvas
Microsoft Windows MS04-011 Security Check
2009-03-15 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.956 High

EPSS

Percentile

99.3%

JSON
Related for SAINT:CA7EDA0BC1DDEF355A076E7F94C76958
saint3canvas1cert1cve1packetstorm1checkpoint_advisories4nessus1securityvulns2openvas1