Vulnerability Details : CVE-2003-0714
Public exploit exists!
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
Vulnerability category: OverflowDenial of service
Threat overview for CVE-2003-0714
Top countries where our scanners detected CVE-2003-0714
Top open port discovered on systems with this issue
110
IPs affected by CVE-2003-0714 231
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2003-0714!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2003-0714
Probability of exploitation activity in the next 30 days: 9.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2003-0714
-
MS03-046 Exchange 2000 XEXCH50 Heap Overflow
Disclosure Date: 2003-10-15First seen: 2020-04-26exploit/windows/smtp/ms03_046_exchange2000_xexch50This is an exploit for the Exchange 2000 heap overflow. Due to the nature of the vulnerability, this exploit is not very reliable. This module has been tested against Exchange 2000 SP0 and SP3 running a Windows 2000 system patched to SP4. It normally takes
CVSS scores for CVE-2003-0714
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2003-0714
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-0714
-
http://marc.info/?l=bugtraq&m=106682909006586&w=2
Mailing List;Third Party Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-046
Patch;Vendor Advisory
-
http://www.cert.org/advisories/CA-2003-27.html
Third Party Advisory;US Government Resource
-
http://www.kb.cert.org/vuls/id/422156
Patch;Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/8838
Microsoft Exchange Server Buffer Overflow VulnerabilityExploit;Patch;Third Party Advisory;VDB Entry
Products affected by CVE-2003-0714
- cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*