| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Microsoft Windows ME/XP/NT 4.0/2000/Server 2003. It has been classified as critical. Impacted is an unknown function. Performing a manipulation results in memory corruption. This vulnerability was named CVE-2003-0719. In addition, an exploit is available. Upgrading the affected component is recommended.
Details
A vulnerability, which was classified as critical, was found in Microsoft Windows ME/XP/NT 4.0/2000/Server 2003 (Operating System). This affects an unknown code block. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
The weakness was presented 04/13/2004 by Mark Dowd and Neel Mehta as confirmed advisory (CERT.org). The advisory is shared at kb.cert.org. This vulnerability is uniquely identified as CVE-2003-0719 since 09/02/2003. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but an exploit is available.
After 2 weeks, there has been an exploit disclosed. The exploit is shared for download at saintcorporation.com. It is declared as highly functional. We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 12205 (MS04-011: Microsoft Hotfix (credentialed check) (835732)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90108 (Multiple Microsoft Windows Vulnerabilities (MS04-011)).
Upgrading eliminates this vulnerability. Attack attempts may be identified with Snort ID 2515. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 2769.
The vulnerability is also documented in the databases at X-Force (15818), Exploit-DB (275), Tenable (12205), SecurityFocus (BID 10116†) and OSVDB (5250†). See VDB-530, VDB-599, VDB-600 and VDB-603 for similar entries. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 12205
Nessus Name: MS04-011: Microsoft Hotfix (credentialed check) (835732)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 101011
OpenVAS Name: MS04-011 security check
OpenVAS File: 🔍
OpenVAS Family: 🔍
Saint ID: exploit_info/microsoft_ssl_pct
Saint Name: Microsoft SSL library PCT buffer overflow
Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: ms04_011_pct.rb
MetaSploit Name: MS04-011 Microsoft Private Communications Transport Overflow
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Snort ID: 2515
TippingPoint: 🔍
McAfee IPS Version: 🔍
SourceFire IPS: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Timeline
09/02/2003 🔍04/13/2004 🔍
04/13/2004 🔍
04/13/2004 🔍
04/13/2004 🔍
04/13/2004 🔍
04/14/2004 🔍
04/23/2004 🔍
06/01/2004 🔍
10/16/2014 🔍
12/31/2024 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: kb.cert.org
Researcher: Mark Dowd, Neel Mehta
Status: Confirmed
CVE: CVE-2003-0719 (🔍)
GCVE (CVE): GCVE-0-2003-0719
GCVE (VulDB): GCVE-100-21873
OVAL: 🔍
CERT: 🔍
X-Force: 15818
SecurityFocus: 10116
Secunia: 11064 - Microsoft Windows 14 Vulnerabilities, Highly Critical
OSVDB: 5250 - Microsoft Windows SSL Library Private Communications Transport (PCT) Remote Overflow
Vulnerability Center: 4128 - [MS04-011] Buffer Overflow in Private Communications Transport (PCT) Protocol, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 10/16/2014 17:27Updated: 12/31/2024 07:40
Changes: 10/16/2014 17:27 (50), 09/17/2018 07:18 (43), 06/29/2021 17:23 (4), 06/29/2021 17:31 (1), 12/31/2024 07:40 (16)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.