exploits , vulnerabilities , articles , Microsoft Windows Messenger Service Buffer Overrun Vulnerability

Title	Microsoft Windows Messenger Service Buffer Overrun Vulnerability
Published	2003-10-15-12:00AM
Updated	2003-12-16-10:29PM
Class	Boundary Condition Error
CVE	CAN-2003-0717
Remote	Yes
Local	No
Credit	Discovery is credited to The Last Stage of Delirium Research Group.
Vulnerable	Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP 64bit Edition Version 2003 Microsoft Windows XP 64bit Edition SP1 Microsoft Windows XP 64bit Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise Edition 64bit Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter Edition 64bit Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Terminal Server 4.0 SP6 Microsoft Windows NT Terminal Server 4.0 SP5 Microsoft Windows NT Terminal Server 4.0 SP4 Microsoft Windows NT Terminal Server 4.0 SP3 Microsoft Windows NT Terminal Server 4.0 SP2 Microsoft Windows NT Terminal Server 4.0 SP1 Microsoft Windows NT Terminal Server 4.0 Microsoft Windows NT Server 4.0 SP6a Avaya DefinityOne Media Servers Avaya IP600 Media Servers Avaya S8100 Media Servers Microsoft Windows NT Server 4.0 SP6 Microsoft Windows NT Server 4.0 SP5 Microsoft Windows NT Server 4.0 SP4 Microsoft Windows NT Server 4.0 SP3 Microsoft Windows NT Server 4.0 SP2 Microsoft Windows NT Server 4.0 SP1 Microsoft Windows NT Server 4.0 Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT Enterprise Server 4.0 SP6 Microsoft Windows NT Enterprise Server 4.0 SP5 Microsoft Windows NT Enterprise Server 4.0 SP4 Microsoft Windows NT Enterprise Server 4.0 SP3 Microsoft Windows NT Enterprise Server 4.0 SP2 Microsoft Windows NT Enterprise Server 4.0 SP1 Microsoft Windows NT Enterprise Server 4.0 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Avaya DefinityOne Media Servers Avaya IP600 Media Servers Avaya S3400 Message Application Server Avaya S8100 Media Servers Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server
Not Vulnerable
Code	CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild. A proof of concept exploit (MS03-04.W2kFR.c), has been released by MrNice and has been reported to be tested on French Localized Microsoft Windows 2000 SP0 systems. A denial of service proof-of-concept has been released. A Linux port (ms03-043.c) of the denial of service proof-of-concept has also been released. The Linux port has been updated so that it compiles on FreeBSD. /data/vulnerabilities/exploits/MS03-043_poc.c /data/vulnerabilities/exploits/ms03-043.c /data/vulnerabilities/exploits/msgr07.c /data/vulnerabilities/exploits/MS03-04.W2kFR.c
TXT

Vulnerabilities - newest 10 RSS | More

2008-12-04 Rae Media Web Based Contact Management Login SQL Injection Vulnerability
2008-12-04 Nagios External Commands and Adaptive Commands Unspecified Vulnerability
2008-12-04 Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
2008-12-04 mvnForum Cross Site Scripting Vulnerability
2008-12-04 i-Net Solution Orkut Clone SQL Injection and Cross Site Scripting Vulnerabilities
2008-12-04 Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
2008-12-04 Jbook SQL Injection Vulnerability
2008-12-04 SquirrelMail Malformed HTML Mail Message HTML Injection Vulnerability
2008-12-04 HP-UX Unspecified Local Denial Of Service Vulnerability
2008-12-04 Netrw Vim Script Information Disclosure Vulnerability