Vulnerabilities > CVE-2003-0112 - Buffer Overflow vulnerability in Microsoft Windows Kernel Message Handling
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 45 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS03-013.NASL |
| description | The remote version of Windows has a flaw in the way the kernel passes error messages to a debugger. An attacker could exploit it to gain elevated privileges on this host. To successfully exploit this vulnerability, an attacker would need a local account on this host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11541 |
| published | 2003-04-16 |
| reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11541 |
| title | MS03-013: Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493) |
Oval
accepted 2011-05-16T04:00:44.313-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. family windows id oval:org.mitre.oval:def:1264 status accepted submitted 2005-01-31T12:00:00.000-04:00 title Windows XP Kernel Debugger-based Buffer Overflow (Test 1) version 70 accepted 2005-06-29T06:49:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. family windows id oval:org.mitre.oval:def:142 status deprecated submitted 2004-11-02T12:00:00.000-04:00 title Suppressed OVAL142, covered by OVAL2022 version 71 accepted 2008-03-24T04:00:20.925-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. family windows id oval:org.mitre.oval:def:2022 status accepted submitted 2004-07-13T12:00:00.000-04:00 title Windows NT Kernel Debugger-based Buffer Overflow version 72 accepted 2008-03-24T04:00:23.681-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. family windows id oval:org.mitre.oval:def:2265 status accepted submitted 2004-07-13T12:00:00.000-04:00 title Windows NT Terminal Server Kernel Debugger-based Buffer Overflow version 72 accepted 2005-06-29T06:49:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation
description Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. family windows id oval:org.mitre.oval:def:262 status accepted submitted 2004-11-02T12:00:00.000-04:00 title Windows 2000 Kernel Debugger-based Buffer Overflow version 65 accepted 2005-06-29T06:49:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation
description Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. family windows id oval:org.mitre.oval:def:3145 status accepted submitted 2004-07-13T12:00:00.000-04:00 title Windows 2000 Kernel Debugger-based Buffer Overflow version 65 accepted 2011-05-16T04:03:27.460-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. family windows id oval:org.mitre.oval:def:779 status accepted submitted 2004-11-30T12:00:00.000-04:00 title Windows XP Kernel Debugger-based Buffer Overflow (Test 2) version 70
References
- http://www.kb.cert.org/vuls/id/446338
- http://www.securityfocus.com/bid/7370
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-013
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11803
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1264
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A142
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2022
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2265
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A262
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3145
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A779