Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
Published 2003-03-31 05:00:00
Updated 2019-04-30 14:27:14
Source MITRE
View at NVD,   CVE.org
Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2003-0109

Probability of exploitation activity in the next 30 days: 97.42%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2003-0109

  • MS03-007 Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
    Disclosure Date: 2003-05-30
    First seen: 2020-04-26
    exploit/windows/iis/ms03_007_ntdll_webdav
    This exploits a buffer overflow in NTDLL.dll on Windows 2000 through the SEARCH WebDAV method in IIS. This particular module only works against Windows 2000. It should have a reasonable chance of success against SP0 to SP3. Authors: - hdm <x@hdm.io

CVSS scores for CVE-2003-0109

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST

References for CVE-2003-0109

Products affected by CVE-2003-0109

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!