cbcvebase.
CVE-2003-0819
published 2004-02-17

CVE-2003-0819: Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the…

PriorityP348critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
40.87%
98.5th percentile
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Affected

1 ranges
VendorProductVersion rangeFixed in
microsoftproxy_server

Detection & IOCsextracted from sources · hover to see the quote

  • Attack vector targets H.323/H.225 protocol processing; malicious H.323 traffic (as generated by the NISCC/OUSPG PROTOS H.225 test suite) can be used to trigger the vulnerability — monitor for anomalous or malformed H.323/H.225 messages on relevant ports
  • Cisco IOS devices running H.323 as network elements, or configured for IOS NAT or IOS Firewall (CBAC), are attack surfaces; inspect H.323 traffic traversing these roles
  • The vulnerability can be exploited repeatedly; repeated malformed H.323 connection attempts or DoS patterns against H.323 listeners should be treated as active exploitation indicators
  • ·Cisco IOS releases from 11.3T onward are potentially affected if voice/multimedia (H.323) support is compiled in; scope is broad across IOS versions
  • ·Non-IOS Cisco voice products are also in scope and should be assessed separately
  • ·Microsoft ISA Server 2000 is also affected via its H.323 filter in the Microsoft Firewall Service; the attack surface is the firewall's H.323 inspection component, not just end-user VoIP devices
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.