ID CVE-2003-0109
Summary Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:-:advanced_server
  • cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
  • cpe:2.3:o:microsoft:windows_2000:-:professional
  • cpe:2.3:o:microsoft:windows_2000:-:server
  • Microsoft Windows 2000 Advanced Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:datacenter_server
  • Microsoft Windows 2000 Professional SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:professional
  • Microsoft Windows 2000 Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:server
  • Microsoft Windows 2000 Advanced Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:datacenter_server
  • Microsoft Windows 2000 Professional SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:professional
  • Microsoft Windows 2000 Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:server
  • Microsoft Windows 2000 Advanced Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:datacenter_server
  • Microsoft Windows 2000 Professional SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:professional
  • Microsoft Windows 2000 Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:server
  • Microsoft Windows 2000 Terminal Services
    cpe:2.3:o:microsoft:windows_2000_terminal_services
  • Microsoft Windows 2000 Terminal Services Service Pack 1
    cpe:2.3:o:microsoft:windows_2000_terminal_services:-:sp1
  • Microsoft Windows 2000 Terminal Services Service Pack 2
    cpe:2.3:o:microsoft:windows_2000_terminal_services:-:sp2
  • Microsoft Windows 2000 Terminal Services Service Pack 3
    cpe:2.3:o:microsoft:windows_2000_terminal_services:-:sp3
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
exploit-db via4
  • description Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (2). CVE-2003-0109. Remote exploit for windows platform
    id EDB-ID:22366
    last seen 2016-02-02
    modified 2003-03-31
    published 2003-03-31
    reporter ThreaT
    source https://www.exploit-db.com/download/22366/
    title Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability 2
  • description Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (3). CVE-2003-0109. Remote exploit for windows platform
    id EDB-ID:22367
    last seen 2016-02-02
    modified 2003-04-04
    published 2003-04-04
    reporter Morning Wood
    source https://www.exploit-db.com/download/22367/
    title Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability 3
  • description Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (4). CVE-2003-0109. Remote exploit for windows platform
    id EDB-ID:22368
    last seen 2016-02-02
    modified 2003-03-17
    published 2003-03-17
    reporter aT4r@3wdesign.es
    source https://www.exploit-db.com/download/22368/
    title Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability 4
  • description MS Windows WebDav II (New) Remote Root Exploit. CVE-2003-0109. Remote exploit for windows platform
    id EDB-ID:36
    last seen 2016-01-31
    modified 2003-06-01
    published 2003-06-01
    reporter alumni
    source https://www.exploit-db.com/download/36/
    title Microsoft Windows WebDav II - Remote Root Exploit 2
  • description Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow. CVE-2003-0109. Remote exploit for windows platform
    id EDB-ID:16470
    last seen 2016-02-01
    modified 2010-07-25
    published 2010-07-25
    reporter metasploit
    source https://www.exploit-db.com/download/16470/
    title Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
  • description MS Windows WebDAV Remote PoC Exploit. CVE-2003-0109. Remote exploit for windows platform
    id EDB-ID:2
    last seen 2016-01-31
    modified 2003-03-24
    published 2003-03-24
    reporter RoMaNSoFt
    source https://www.exploit-db.com/download/2/
    title Microsoft Windows WebDAV - Remote PoC Exploit
  • description Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (1). CVE-2003-0109. Remote exploit for windows platform
    id EDB-ID:22365
    last seen 2016-02-02
    modified 2003-03-24
    published 2003-03-24
    reporter mat
    source https://www.exploit-db.com/download/22365/
    title Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability 1
  • description MS Windows WebDAV (ntdll.dll) Remote Exploit. CVE-2003-0109. Remote exploit for windows platform
    id EDB-ID:1
    last seen 2016-01-31
    modified 2003-03-23
    published 2003-03-23
    reporter kralor
    source https://www.exploit-db.com/download/1/
    title Microsoft Windows WebDAV - ntdll.dll Remote Exploit
  • description MS Windows WebDav III remote root Exploit (xwdav). CVE-2003-0109. Remote exploit for windows platform
    id EDB-ID:51
    last seen 2016-01-31
    modified 2003-07-08
    published 2003-07-08
    reporter Schizoprenic
    source https://www.exploit-db.com/download/51/
    title Microsoft Windows WebDav III - Remote Root Exploit xwdav
metasploit via4
description This exploits a buffer overflow in NTDLL.dll on Windows 2000 through the SEARCH WebDAV method in IIS. This particular module only works against Windows 2000. It should have a reasonable chance of success against any service pack.
id MSF:EXPLOIT/WINDOWS/IIS/MS03_007_NTDLL_WEBDAV
last seen 2019-03-12
modified 2017-07-24
published 2007-03-01
reliability Great
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb
title MS03-007 Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
nessus via4
  • NASL family Web Servers
    NASL id IIS_WEBDAV_OVERFLOW.NASL
    description The remote WebDAV server is vulnerable to a buffer overflow when it receives a too long request. An attacker may use this flaw to execute arbitrary code within the LocalSystem security context.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 11412
    published 2003-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11412
    title Microsoft IIS WebDAV ntdll.dll Remote Overflow (MS03-007)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS03-007.NASL
    description The remote version of Windows contains a buffer overflow in the Windows kernel, that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges. For example this vulnerability can be exploited through the WebDAV component of IIS 5.0. A public exploit is available.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 11413
    published 2003-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11413
    title MS03-007: Unchecked Buffer in ntdll.dll (815021)
oval via4
accepted 2011-05-16T04:00:17.953-04:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Anna Min
    organization BigFix, Inc
  • name Sudhir Gandhe
    organization Telos
  • name Shane Shaffer
    organization G2, Inc.
description Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
family windows
id oval:org.mitre.oval:def:109
status accepted
submitted 2003-10-10T12:00:00.000-04:00
title Windows ntdll.dll Buffer Overflow
version 66
packetstorm via4
data source https://packetstormsecurity.com/files/download/83237/ms03_007_ntdll_webdav.rb.txt
id PACKETSTORM:83237
last seen 2016-12-05
published 2009-11-26
reporter H D Moore
source https://packetstormsecurity.com/files/83237/Microsoft-IIS-5.0-WebDAV-ntdll.dll-Path-Overflow.html
title Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
refmap via4
bid 7116
bugtraq
  • 20030321 New attack vectors and a vulnerability dissection of MS03-007
  • 20030325 IIS 5.0 WebDAV -Proof of concept-. Fully documented.
  • 20030326 WebDAV exploit: using wide character decoder scheme
  • 20030328 Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit
  • 20030708 WDAV exploit without netcat and with pretty magic number
cert CA-2003-09
cert-vn VU#117394
confirm http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en
iss 20030317 Microsoft IIS WebDAV Remote Compromise Vulnerability
misc http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
ms MS03-007
mskb Q815021
ntbugtraq 20030321 New attack vectors and a vulnerability dissection of MS03-007
vulnwatch 20030317 Microsoft IIS 5.0 WebDAV remote buffer overflow
xf http-webdav-long-request(11533)
saint via4
bid 7116
description ntdll.dll buffer overflow via IIS 5.0 WebDAV
id win_patch_ntdll,web_server_iis_webdav
osvdb 4467
title iis5_webdav
type remote
Last major update 17-10-2016 - 22:29
Published 31-03-2003 - 00:00
Last modified 12-10-2018 - 17:32