Vulnerabilities > CVE-2003-0345 - Buffer Overflow vulnerability in Microsoft Windows 2000, Windows NT and Windows XP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 42 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS03-024.NASL |
| description | The remote host is affected by a vulnerability in its SMB stack that could allow an authenticated attacker to corrupt the memory of this host. This may result in execution of arbitrary code on this host, or an attacker may disable this host remotely. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11787 |
| published | 2003-07-10 |
| reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11787 |
| title | MS03-024: SMB Request Handler Buffer Overflow (817606) |
Oval
accepted 2011-05-16T04:00:28.046-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Anna Min organization BigFix, Inc name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. family windows id oval:org.mitre.oval:def:118 status accepted submitted 2003-09-08T12:00:00.000-04:00 title Windows 2000 SMB Buffer Overflow version 40 accepted 2008-03-24T04:00:15.588-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. family windows id oval:org.mitre.oval:def:146 status accepted submitted 2004-11-02T12:00:00.000-04:00 title Windows NT SMB Buffer Overflow version 44 accepted 2011-05-16T04:02:46.401-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. family windows id oval:org.mitre.oval:def:3391 status accepted submitted 2004-07-19T12:00:00.000-04:00 title Windows XP SMB Buffer Overflow version 42
References
- http://secunia.com/advisories/9225
- http://securitytracker.com/id?1007154
- http://www.kb.cert.org/vuls/id/337764
- http://www.securityfocus.com/bid/8152
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-024
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12544
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A118
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A146
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3391