Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0717Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

9 documents5 sources
Severity
7.5HIGHNVD
EPSS
85.8%
top 0.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Windows 2003 ServerMicrosoft Windows NT
Timeline
PublishedNov 17
Latest updateApr 29

Description

The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Patches

Patch: www.kb.cert.orgPatch: www.securityfocus.comPatch: www.kb.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-w2mp-859x-7jh2: The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute2022-04-29
CVEList
CVE-2003-0717: The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute2003-10-17

💥Exploits & PoCs

4
Exploit-DB
Microsoft Messenger (Linux) - Denial of Service (MS03-043)2004-08-08
Exploit-DB
Microsoft Windows Messenger Service (French) - Remote (MS03-043)2003-12-16
Exploit-DB
Microsoft Windows XP/2000 - Messenger Service Buffer Overrun (MS03-043)2003-10-25
Exploit-DB
Microsoft Windows Messenger Service - Denial of Service (MS03-043)2003-10-18

🔍Detection Rules

2
Suricata
GPL NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt2010-09-23
Suricata
GPL NETBIOS DCERPC Messenger Service buffer overflow attempt2010-09-23
CVE-2003-0717 — Microsoft vulnerability | cvebase