CVE-2003-0659
Published 2003-11-17
Priority P338 · high · 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 33.58% (98.2th percentile)
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_nt | — | — |
No detection rules found.
Exploit-DB
Microsoft Windows - ListBox/ComboBox Control Local (MS03-045)
exploitdb·2003-11-14
---
/*
\ local ListBox/ComboBox exploit for Win32
/
\ Created by xCrZx crazy_einstein yahoo com /11.11.03/
/
\ Usage: MS03-045.exe [-r return address]
/
\ there is two targets: CB_DIR (for ComboBox), LB_DIR (for ListBox).
/
\ As to return address it should be such as 0x0000XXYY
/ (and you should know that this address will be transformed
\ into unicode! And if XX and YY bytes vuln.exe
/
\
/ C:\...ual Studio\MyProjects\vuln\Debug>
\
/
\ -------
/
\ exploit:
/
\ C:\MSVCSTAFF\Debug>85boom.exe -t 0
/
\ [MS03-045 local exploit by xCrZx /11.11.03/]
/
\ Enter addresses of the program handles:
/
\ (i.e. "00450ca1 0066345c") -> 1e01f6 2701a2
/
\ [+] Set shellcode!
/ --> Using LB_DIR command
\ --> Using return address = 0x1515
/ [+] Set
Exploit-DB
Microsoft ListBox/ComboBox Control - 'User32.dll' Buffer Overrun
exploitdb·2003-10-15
---
source: https://www.securityfocus.com/bid/8827/info
Microsoft has reported the existence of a local buffer overrun vulnerability in an undisclosed User32.dll library function. This function is used by applications implementing the use of ListBox or ComboBox controls and will be triggered when the program encounters specific types of Windows messages.
This issue poses a security risk when a privileged application is running in the environment of an unprivileged user. Due to the ability for a program to transmit a windows message to another process, an attacker may be capable of exploiting this buffer overrun to gain privileged access to a system.
// vuln.cpp : Defines the entry point for the application.
//
#include
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=106631999907035&w=2
http://marc.info/?l=ntbugtraq&m=106632111408343&w=2
http://www.cert.org/advisories/CA-2003-27.html
http://www.kb.cert.org/vuls/id/967668
http://www.securityfocus.com/bid/8827
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/13424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A201
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A340
Published: 2003-11-17