ID CVE-2003-0717
Summary The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2011-10-03T04:00:04.092-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Pradeep R B
      organization SecPod Technologies
    description The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
    family windows
    id oval:org.mitre.oval:def:213
    status accepted
    submitted 2003-10-16T12:00:00.000-04:00
    title Windows 2000 Messenger Service Buffer Overflow
    version 67
  • accepted 2011-10-03T04:00:05.259-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Brendan Miles
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Pradeep R B
      organization SecPod Technologies
    description The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
    family windows
    id oval:org.mitre.oval:def:268
    status accepted
    submitted 2003-10-28T12:00:00.000-04:00
    title Windows XP Messenger Service Buffer Overflow
    version 73
refmap via4
bid 8826
bugtraq
  • 20031016 MS03-043 Popup Messenger Servce buffer-overflow
  • 20031018 Proof of concept for Windows Messenger Service overflow
cert CA-2003-27
cert-vn VU#575892
Last major update 30-04-2019 - 14:27
Published 17-11-2003 - 05:00
Last modified 30-04-2019 - 14:27
Back to Top