Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1407Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows NT

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
7.2HIGHNVD
EPSS
3.7%
top 12.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows NT
Timeline
PublishedDec 31
Latest updateApr 29

Description

Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2v6g-rfjx-x852: Buffer overflow in cmd2022-04-29
CVEList
CVE-2003-1407: Buffer overflow in cmd2007-10-20

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow (PoC)2003-02-11
CVE-2003-1407 — Microsoft Windows NT vulnerability | cvebase