// For flags

CVE-2003-0109

MS03-007 Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

11
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2003-02-26 CVE Reserved
  • 2003-03-17 First Exploit
  • 2003-03-18 CVE Published
  • 2024-07-26 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (26)
URL Tag Source
http://marc.info/?l=bugtraq&m=104826476427372&w=2 Mailing List
http://marc.info/?l=bugtraq&m=104861839130254&w=2 Mailing List
http://marc.info/?l=bugtraq&m=104869293619064&w=2 Mailing List
http://marc.info/?l=bugtraq&m=104887148323552&w=2 Mailing List
http://marc.info/?l=bugtraq&m=105768156625699&w=2 Mailing List
http://marc.info/?l=ntbugtraq&m=104826785731151&w=2 Mailing List
http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en X_refsource_confirm
http://www.kb.cert.org/vuls/id/117394 Third Party Advisory
http://www.nextgenss.com/papers/ms03-007-ntdll.pdf X_refsource_misc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A109 Signature
URL Date SRC
https://www.exploit-db.com/exploits/1 2003-03-23
https://www.exploit-db.com/exploits/22365 2003-03-24
https://www.exploit-db.com/exploits/22366 2003-03-31
https://www.exploit-db.com/exploits/22367 2003-04-04
https://www.exploit-db.com/exploits/22368 2003-03-17
https://www.exploit-db.com/exploits/16470 2010-07-25
https://www.exploit-db.com/exploits/2 2003-03-24
https://www.exploit-db.com/exploits/51 2003-07-08
https://www.exploit-db.com/exploits/36 2003-06-01
http://www.securityfocus.com/bid/7116 2024-08-08
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb 2003-05-30
URL Date SRC
http://www.cert.org/advisories/CA-2003-09.html 2023-11-07
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029 2023-11-07
http://www.iss.net/security_center/static/11533.php 2023-11-07
URL Date SRC
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ815021 2023-11-07
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-007 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*-
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp1
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp2
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp3
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2000 Terminal Services
Search vendor "Microsoft" for product "Windows 2000 Terminal Services"
*-
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2000 Terminal Services
Search vendor "Microsoft" for product "Windows 2000 Terminal Services"
*sp1
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2000 Terminal Services
Search vendor "Microsoft" for product "Windows 2000 Terminal Services"
*sp2
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2000 Terminal Services
Search vendor "Microsoft" for product "Windows 2000 Terminal Services"
*sp3
Affected