Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0719 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

5 documents4 sources

Severity

7.5HIGHNVD

EPSS

74.7%

top 1.14%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedJun 1

Latest updateApr 29

Description

Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_serverr2

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: xforce.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-qcv7-54h7-vffm: Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4↗2022-04-29

▶

CVEList

CVE-2003-0719: Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4↗2004-04-16

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Private Communications Transport - Remote Overflow (MS04-011) (Metasploit)↗2010-09-20

▶

Exploit-DB

Microsoft IIS 5.0 - SSL Remote Buffer Overflow (MS04-011)↗2004-04-21

▶