Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0469 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

71.6%

top 1.27%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedAug 7

Latest updateApr 29

Description

Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/windows_nt4.0

▶NVDmicrosoft/windows_2003_server64-bit, r2+1

🔴Vulnerability Details

GHSA

GHSA-vh7h-gpp8-jfqq: Buffer overflow in the HTML Converter (HTML32↗2022-04-29

▶

CVEList

CVE-2003-0469: Buffer overflow in the HTML Converter (HTML32↗2003-06-28

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows XP/2000/NT 4.0 - HTML Converter HR Align Buffer Overflow↗2003-06-23

▶