Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:CCC95CE293BFDC7B340EFE1C0D306B03
HistoryJul 18, 2006 - 12:00 a.m.

ntdll.dll buffer overflow via IIS 5.0 WebDAV

2006-07-1800:00:00
SAINT Corporation
my.saintcorporation.com
27

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON

Added: 07/18/2006
CVE: CVE-2003-0109
BID: 7116
OSVDB: 4467

Background

The dynamic link library **ntdll.dll** is a core component of the Windows operating system. It is used by many operating system components including the WebDAV component of Microsoft IIS.

Problem

A buffer overflow in **ntdll.dll** allows remote attackers to execute arbitrary commands with LocalSystem privileges by sending a long, specially crafted WebDAV request to IIS 5.0.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 03-007.

References

<http://www.cert.org/advisories/CA-2003-09.html&gt;

Limitations

Exploit works on Windows 2000 running IIS 5.0 web server with WebDAV enabled. Failure may cause the web service to become unresponsive but still remain listening.

Related

openvas 2
canvas 1
securityvulns 2
cve 1
checkpoint_advisories 3
saint 3
nessus 2
packetstorm 1
exploitpack 1
cert 1
seebug 1
exploitdb 1
trendmicroblog 1
openvas
openvas
Unchecked Buffer in ntdll.dll (Q815021)
2005-11-03 00:00:00
Unchecked Buffer in ntdll.dll (Q815021)
2005-11-03 00:00:00
canvas
canvas
Immunity Canvas: MS03_007
2003-03-31 05:00:00
securityvulns
securityvulns
[Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007
2003-06-02 00:00:00
CERT Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0
2003-03-18 00:00:00
cve
cve
CVE-2003-0109
2003-03-31 05:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft IIS WebDAV Remote Buffer Overflow (MS03-007) - Ver2 (CVE-2003-0109)
2014-12-28 00:00:00
Microsoft IIS WebDAV Remote Buffer Overflow (MS03-007; CVE-2003-0109)
2009-12-13 00:00:00
HTTP Methods (CAN-2003-0109; CVE-2007-1560; CVE-2015-1499)
2015-06-14 00:00:00
saint
saint
ntdll.dll buffer overflow via IIS 5.0 WebDAV
2006-07-18 00:00:00
ntdll.dll buffer overflow via IIS 5.0 WebDAV
2006-07-18 00:00:00
ntdll.dll buffer overflow via IIS 5.0 WebDAV
2006-07-18 00:00:00
nessus
nessus
Microsoft IIS WebDAV ntdll.dll Remote Overflow (MS03-007)
2003-03-18 00:00:00
MS03-007: Unchecked Buffer in ntdll.dll (815021)
2003-03-18 00:00:00
packetstorm
packetstorm
Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
2009-11-26 00:00:00
exploitpack
exploitpack
Microsoft IIS 5.0 - WebDAV Remote
2003-03-24 00:00:00
cert
cert
Buffer Overflow in Core Microsoft Windows DLL
2003-03-17 00:00:00
seebug
seebug
MS Windows WebDAV Remote PoC Exploit
2006-10-24 00:00:00
exploitdb
exploitdb
Microsoft IIS 5.0 - WebDAV Remote
2003-03-24 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 17, 2017
2017-04-21 18:23:45

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON
Related for SAINT:CCC95CE293BFDC7B340EFE1C0D306B03
openvas2canvas1securityvulns2cve1checkpoint_advisories3saint3nessus2packetstorm1exploitpack1cert1seebug1exploitdb1trendmicroblog1