Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0113Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft IE

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
45.4%
top 2.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedMay 12
Latest updateApr 29

Description

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/internet_explorer5.0.1, 5.5, 6.0+2
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-4x7x-3r29-5pc7: Buffer overflow in URLMON2022-04-29
CVEList
CVE-2003-0113: Buffer overflow in URLMON2003-04-26

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5 - Remote 'URLMON.dll' Remote Buffer Overflow2003-04-23
CVE-2003-0113 — Microsoft IE vulnerability | cvebase