Vulnerabilities > CVE-2003-0659 - Buffer Overrun vulnerability in Microsoft ListBox/ComboBox Control User32.dll Function
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 49 |
Exploit-Db
| description | MS Windows (ListBox/ComboBox Control) Local Exploit (MS03-045). CVE-2003-0659. Local exploit for windows platform |
| id | EDB-ID:122 |
| last seen | 2016-01-31 |
| modified | 2003-11-14 |
| published | 2003-11-14 |
| reporter | xCrZx |
| source | https://www.exploit-db.com/download/122/ |
| title | Microsoft Windows - ListBox/ComboBox Control Local Exploit MS03-045 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS03-045.NASL |
| description | A vulnerability exists because the ListBox control and the ComboBox control both call a function, located in the User32.dll file, that contains a buffer overrun. A local, interactive attacker could run a program that sends a specially crafted Windows message to any application that has implemented the ListBox control or the ComboBox control, causing the application to take any action specified. An attacker must have valid login credentials to exploit the vulnerability. It can not be exploited remotely. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11885 |
| published | 2003-10-15 |
| reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11885 |
| title | MS03-045: Buffer Overrun in the ListBox and in the ComboBox (824141) |
Oval
accepted 2011-05-16T04:02:18.119-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Jeff Cheng organization Opsware, Inc. name Brendan Miles organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application. family windows id oval:org.mitre.oval:def:201 status accepted submitted 2003-10-28T12:00:00.000-04:00 title Windows XP ComboBox/ListBox GUI Widget User32.dll Buffer Overflow version 74 accepted 2007-11-13T12:01:13.002-05:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Jeff Cheng organization Opsware, Inc.
description Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application. family windows id oval:org.mitre.oval:def:340 status accepted submitted 2003-10-16T12:00:00.000-04:00 title Windows 2000 ComboBox/ListBox GUI Widget User32.dll Buffer Overflow version 68
References
- http://marc.info/?l=bugtraq&m=106631999907035&w=2
- http://marc.info/?l=ntbugtraq&m=106632111408343&w=2
- http://www.cert.org/advisories/CA-2003-27.html
- http://www.kb.cert.org/vuls/id/967668
- http://www.securityfocus.com/bid/8827
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-045
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13424
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A201
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A340