CVE-2003-0819
published 2004-02-17CVE-2003-0819: Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the…
PriorityP348critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
40.87%
98.5th percentile
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | proxy_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Attack vector targets H.323/H.225 protocol processing; malicious H.323 traffic (as generated by the NISCC/OUSPG PROTOS H.225 test suite) can be used to trigger the vulnerability — monitor for anomalous or malformed H.323/H.225 messages on relevant ports ↗
- →Cisco IOS devices running H.323 as network elements, or configured for IOS NAT or IOS Firewall (CBAC), are attack surfaces; inspect H.323 traffic traversing these roles ↗
- →The vulnerability can be exploited repeatedly; repeated malformed H.323 connection attempts or DoS patterns against H.323 listeners should be treated as active exploitation indicators ↗
- ·Cisco IOS releases from 11.3T onward are potentially affected if voice/multimedia (H.323) support is compiled in; scope is broad across IOS versions ↗
- ·Non-IOS Cisco voice products are also in scope and should be assessed separately ↗
- ·Microsoft ISA Server 2000 is also affected via its H.323 filter in the Microsoft Firewall Service; the attack surface is the firewall's H.323 inspection component, not just end-user VoIP devices ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-46hh-56wc-9gv2: Buffer overflow in the H
ghsa_unreviewed·2022-04-29
CVE-2003-0819 [HIGH] CWE-119 GHSA-46hh-56wc-9gv2: Buffer overflow in the H
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Cisco
Vulnerabilities in H.323 Message Processing
vendor_cisco·2004-01-13
CVE-2003-0819 Vulnerabilities in H.323 Message Processing
Vulnerabilities in H.323 Message Processing
Multiple Cisco products contain vulnerabilities in the processing of
H.323 messages, which are typically used in Voice over Internet Protocol (VoIP)
or multimedia applications. A test suite has been developed by the University
of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco
IOS® Software Release 11.3T. Release 11.3T, and all
later Cisco IOS releases may be affected if the software includes support for
voice/multimedia applications. Vulnerable devices include those that contain
software support for H.323 as network elements as well as those configured for
IOS Network Address Translation (NAT) and those configured for IOS Firewall
(also known as Context-Based Access Control [CB
Cisco
Vulnerabilities in H.323 Message Processing
vendor_cisco
CVE-2003-0819 Vulnerabilities in H.323 Message Processing
CVE-2003-0819: Vulnerabilities in H.323 Message Processing
Multiple Cisco products contain vulnerabilities in the processing of H.323 messages, which are typically used in Voice over Internet Protocol (VoIP) or multimedia applications. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS � Software Release 11.3T. Release 11.3T, and all later Cisco IOS releases may be affected if the software includes support for voice/multimedia applications. Vulnerable devices include those that contain software support for H.323 as network elements as well as those configured for IOS Network Address Translation (NAT) and those configured for IOS Firewall (also known as Context-Based Acces
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/10611http://www.cert.org/advisories/CA-2004-01.htmlhttp://www.kb.cert.org/vuls/id/749342http://www.securityfocus.com/bid/9406http://www.securityfocus.com/bid/9408http://www.securitytracker.com/id?1008698http://www.uniras.gov.uk/vuls/2004/006489/h323.htmhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-001https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A478http://secunia.com/advisories/10611http://www.cert.org/advisories/CA-2004-01.htmlhttp://www.kb.cert.org/vuls/id/749342http://www.securityfocus.com/bid/9406http://www.securityfocus.com/bid/9408http://www.securitytracker.com/id?1008698http://www.uniras.gov.uk/vuls/2004/006489/h323.htmhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-001https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A478
2004-02-17
Published