Vulnerability Note VU#117394
Buffer Overflow in Core Microsoft Windows DLL
A buffer overflow vulnerability exists in the Win32 API libraries shipped with all versions of Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows NT 4.0, and Microsoft Windows NT 4.0 Terminal Server Edition. This vulnerability, which is being actively exploited on WebDAV-enabled IIS 5.0 servers, will allow a remote attacker to execute arbitrary code on unpatched systems. Sites running Microsoft Windows should apply a patch or disable WebDAV services as soon as possible.
Microsoft Windows contains a dynamic link library (DLL) named ntdll.dll. This DLL is a core operating system component used to interact with the Windows kernel. A buffer overflow vulnerability exists in ntdll.dll, which is utilized by many different components in the Windows operating system.
Any attacker who can reach a vulnerable web server can gain complete control of the system and execute arbitrary code in the Local System security context. Note that this may be significantly more serious than a simple "web defacement."
Apply a patch from your vendor
Disable vulnerable service
Until a patch can be applied, you may wish to disable IIS:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||17 Mar 2003|
CVSS Metrics (Learn More)
This document was written by Ian A Finlay.
- CVE IDs: CAN-2003-0109
- CERT Advisory: CA-2003-09
- Date Public: 17 Mar 2003
- Date First Published: 17 Mar 2003
- Date Last Updated: 30 May 2003
- Severity Metric: 78.00
- Document Revision: 18
If you have feedback, comments, or additional information about this vulnerability, please send us email.