CVE-2003-0003
published 2003-02-07CVE-2003-0003: Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
45.45%
98.6th percentile
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_nt | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow
exploitdb·2003-04-03
CVE-2003-0003 Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow
---
/****************************************************************************
rpcexp.c
RPC LOCATOR Exploit
Autor: Marcin Wolak
mail: [email protected]
Last update: 30 march 2003
****************************************************************************/
/*****************************************************************************
About Compilation:
What You need to compile rpcexp.c ?
1. MS Platform SDK (August SDK is sufficient).
2. Compilator (f.e. MS Visual C++ 6.0).
rpcns4.lib is needed for linking.
*****************************************************************************/
/*****************************************************************************
Usage (You want to exploit remote Windows 2000 system (w2kho
Exploit-DB
Microsoft Windows XP/2000/NT 4.0 - Locator Service Buffer Overflow
exploitdb·2003-01-22
CVE-2003-0003 Microsoft Windows XP/2000/NT 4.0 - Locator Service Buffer Overflow
Microsoft Windows XP/2000/NT 4.0 - Locator Service Buffer Overflow
---
source: https://www.securityfocus.com/bid/6666/info
It has been reported that the Microsoft Windows Locator service is affected by a remotely exploitable buffer overflow vulnerability. The condition is due to a memory copy of RPC arguments received from remote clients into a local buffer.
This vulnerability may be exploited by remote attackers to execute custom instructions on the target server. It is also possible to crash the service with a malicious request. It should be noted that, to exploit this vulnerability, no authentication is required. Additionally, the Locator service is enabled by default on all Windows 2000 and Windows NT Domain Controllers (DC).
https://gitlab.com/exploit-database/exploitdb-bin-sploi
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=104394414713415&w=2http://marc.info/?l=ntbugtraq&m=104393588232166&w=2http://www.cert.org/advisories/CA-2003-03.htmlhttp://www.kb.cert.org/vuls/id/610986http://www.securityfocus.com/bid/6666https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001https://exchange.xforce.ibmcloud.com/vulnerabilities/11132https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A103http://marc.info/?l=bugtraq&m=104394414713415&w=2http://marc.info/?l=ntbugtraq&m=104393588232166&w=2http://www.cert.org/advisories/CA-2003-03.htmlhttp://www.kb.cert.org/vuls/id/610986http://www.securityfocus.com/bid/6666https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001https://exchange.xforce.ibmcloud.com/vulnerabilities/11132https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A103
2003-02-07
Published