Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0117: Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft BizTalk Server

4 documents, 4 sources
Severity
7.5 HIGH (NVD)
EPSS
18.6%
top 4.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: May 12
Latest update: Apr 29

Description

Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 1 package

🔴 Vulnerability Details

2
GHSA
GHSA-9fg3-x29w-7qw6: Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive | 2022-04-29
CVEList
CVE-2003-0117: Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive | 2003-05-02

💥 Exploits & PoCs

1
Exploit-DB
Microsoft BizTalk Server 2002 - HTTP Receiver Buffer Overflow | 2003-04-30