Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0003 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows NT

5 documents4 sources

Severity

7.5HIGHNVD

EPSS

23.4%

top 4.03%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows NT

Timeline

PublishedFeb 7

Latest updateApr 29

Description

Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.cert.org ↗Patch: www.kb.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-4hj3-h8v7-rmf3: Buffer overflow in the RPC Locator service for Microsoft Windows NT 4↗2022-04-29

▶

CVEList

CVE-2003-0003: Buffer overflow in the RPC Locator service for Microsoft Windows NT 4↗2004-09-01

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow↗2003-04-03

▶

Exploit-DB

Microsoft Windows XP/2000/NT 4.0 - Locator Service Buffer Overflow↗2003-01-22

▶