CVE-2003-0469
Published 2003-08-07
Priority P3 · 36 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 49.53% (98.7th percentile)
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_nt | — | — |
Detection & IOCs (extracted from sources)
- Detect excessively long 'align' attribute values on HR tags in HTML content processed by HTML32.cnv, which triggers the buffer overflow.
- Monitor for exploit delivery via cut-and-paste operations (execCommand Copy/SelectAll) in browser contexts such as Internet Explorer, which can trigger HTML32.cnv processing of malicious HR align payloads.
- Look for off-screen window creation (moveTo screen.Width, screen.Height) combined with document.execCommand Copy sequences as a delivery mechanism for this exploit.
- The overflow is triggered specifically through the cut-and-paste code path in HTML32.cnv, not direct rendering; detection must account for this indirect trigger mechanism.
- Affected platforms include Windows XP, 2000, and NT 4.0; scope of vulnerable systems should be validated against these versions.
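A content scanner for the indicators listed above, as an added example (not a rule from this index or from any cited source). The 16-character threshold, the finding names and the sample document are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: legitimate HR align values are short keywords (left, center,
# right), so a longer value is anomalous. The threshold is illustrative.
MAX_ALIGN_LEN = 16
EXEC_COPY = re.compile(r"execCommand\s*\(\s*['\"](copy|selectall)['\"]", re.I)
OFFSCREEN = re.compile(r"moveTo\s*\(\s*screen\.width\s*,\s*screen\.height", re.I)

class HrAlignScanner(HTMLParser):
    """Collects (kind, line, length) findings for the indicators above."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "hr":
            for name, value in attrs:
                if name == "align" and value and len(value) > MAX_ALIGN_LEN:
                    self.findings.append(("long_hr_align", self.getpos()[0], len(value)))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if not self._in_script:
            return
        line = self.getpos()[0]
        if EXEC_COPY.search(data):      # clipboard path that reaches the converter
            self.findings.append(("clipboard_execcommand", line, 0))
        if OFFSCREEN.search(data):      # window moved off-screen before the copy
            self.findings.append(("offscreen_window", line, 0))

def scan_html(text):
    scanner = HrAlignScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

# Constructed sample: one oversized align value, one normal HR, one script block.
SAMPLE = ('<html><body>\n<hr align="' + "A" * 300 + '">\n<hr align="center">\n'
          '<script>window.moveTo(screen.width, screen.height);'
          'document.execCommand("SelectAll");document.execCommand("Copy");</script>\n'
          '</body></html>')

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

Because the trigger is the cut-and-paste path rather than rendering, a long align value alone is the stronger signal; the script indicators only raise confidence when they appear in the same document.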
No detection rules found.
No writeups or analysis indexed.
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006155.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006067.html
- http://marc.info/?l=bugtraq&m=105639925122961&w=2
- http://www.cert.org/advisories/CA-2003-14.html
- http://www.kb.cert.org/vuls/id/823260
- http://www.securityfocus.com/bid/8016
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-023