CVE-2003-0803
published 2003-10-06CVE-2003-0803: Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and…
PriorityP429high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
5.48%
91.8th percentile
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nokia | electronic_documentation | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows XP/2000/2003 - Graphical Device Interface Library Denial of Service
exploitdb·2005-03-17
CVE-2005-0803 Microsoft Windows XP/2000/2003 - Graphical Device Interface Library Denial of Service
Microsoft Windows XP/2000/2003 - Graphical Device Interface Library Denial of Service
---
source: https://www.securityfocus.com/bid/12834/info
Reportedly, a denial of service vulnerability affects Microsoft Windows GDI library 'gdi32.dll'. This issue is due to a failure of the application to securely copy data from malformed EMF image files.
An attacker may leverage this issue to trigger a denial of service condition in software implementing the vulnerable library. Other attacks may also be possible.
A hex dumped EMF file:
0000000 01 00 00 00 64 00 00 00 93 00 00 00 02 00 00 00
0000010 83 01 00 00 39 01 00 00 00 00 00 00 00 00 00 00
0000020 d1 08 00 00 be 06 00 00 20 45 4d 46 00 00 01 00
0000030 78 00 00 00 17 00 00 00 03 00 00 00 0f 00 00 00
0000040 64 00 00 00 41 00 00 00 c8 12 00 0
Exploit-DB
Nokia Electronic Documentation 5.0 - Connection redirection
exploitdb·2003-09-15
CVE-2003-0803 Nokia Electronic Documentation 5.0 - Connection redirection
Nokia Electronic Documentation 5.0 - Connection redirection
---
source: https://www.securityfocus.com/bid/8625/info
A vulnerability has been discovered in Nokia Electronic Documentation (NED) that may allow an attacker to redirect connections to a third party system. The problem likely occurs due to the NED server failing to sufficiently verify hosts provided within specific HTTP requests. As a result, an attacker may be capable of making a request that would cause data to be redirected to a third party system.
This may allow an attacker to interact with an otherwise inaccessible system, or potentially hide the origin of attacks launched against other targets.
http://www.example.org/docs/NED?action=retrieve&location=http://www.target.com/
No writeups or analysis indexed.
2003-10-06
Published