Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0659 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

5 documents4 sources

Severity

7.2HIGHNVD

EPSS

3.6%

top 12.27%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedNov 17

Latest updateApr 29

Description

Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_server5 versions+4

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-r2mc-qrj9-9325: Buffer overflow in a function in User32↗2022-04-29

▶

CVEList

CVE-2003-0659: Buffer overflow in a function in User32↗2003-10-17

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - ListBox/ComboBox Control Local (MS03-045)↗2003-11-14

▶

Exploit-DB

Microsoft ListBox/ComboBox Control - 'User32.dll' Buffer Overrun↗2003-10-15

▶