Vulnerabilities > CVE-2003-0660 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 49 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS03-041.NASL |
description | The remote host contains a version of the Authenticode Verification module that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web page. An attacker may also be able to exploit the vulnerability by sending a malicious HTML email. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11886 |
published | 2003-10-15 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11886 |
title | MS03-041: Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182) |
code |
|
Oval
accepted 2011-05-16T04:01:58.071-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval. family windows id oval:org.mitre.oval:def:185 status accepted submitted 2003-10-29T12:00:00.000-04:00 title Automatic ActiveX Approval on WinXP Low Memory version 71 accepted 2004-03-25T12:00:00.000-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation
description The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval. family windows id oval:org.mitre.oval:def:198 status accepted submitted 2003-10-16T12:00:00.000-04:00 title Automatic ActiveX Approval on Windows 2000 Low Memory version 64
References
- http://www.cert.org/advisories/CA-2003-27.html
- http://www.kb.cert.org/vuls/id/838572
- http://www.securityfocus.com/bid/8830
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-041
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13422
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A185
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A198