Vulnerability Note VU#586540
Microsoft Private Communication Technology (PCT) fails to properly validate message inputs
A vulnerability exists in the Private Communications Transport (PCT) protocol, which is part of the Microsoft Secure Sockets Layer (SSL) library. Exploitation of this vulnerability may permit a remote attacker to compromise the system. An exploit for this issue currently being used to compromise vulnerable systems running SSL-enabled IIS 5.0. Note the vulnerability exists in any SSL-enabled program which is running on vulnerable Windows systems. Windows 2003 Server is not affected if PCT is disabled.
The Private Communications Transport (PCT) protocol is part of the Microsoft Secure Sockets Layer (SSL) library. A buffer overflow vulnerability exists in the PCT that could allow a remote attacker to execute arbitrary code on the system. Only systems with SSL enabled would be vulnerable to exploitation. Microsoft has listed the following mitigating factors:
The following systems may be affected by this vulnerability:
A remote attacker may be able to execute arbitrary code on the system.
Apply a patch from the vendor
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||13 Apr 2004|
CVSS Metrics (Learn More)
Thanks to Microsoft for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: CAN-2003-0719
- Date Public: 13 Apr 2004
- Date First Published: 13 Apr 2004
- Date Last Updated: 22 Apr 2004
- Severity Metric: 40.16
- Document Revision: 4
If you have feedback, comments, or additional information about this vulnerability, please send us email.