cvelistv5 - CVE-2003-0344

CVE-2003-0344

Vulnerability from cvelistv5

Published

2003-06-06 04:00

Modified

2024-08-08 01:50

Severity ?

Summary

Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=105476381609135&w=2
cve@mitre.org	http://secunia.com/advisories/8943
cve@mitre.org	http://www.eeye.com/html/Research/Advisories/AD20030604.html	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/679556	US Government Resource
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=105476381609135&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/8943
af854a3a-2127-422b-91ae-364da2661108	http://www.eeye.com/html/Research/Advisories/AD20030604.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/679556	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:50:47.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030604 Internet Explorer Object Type Property Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
          },
          {
            "name": "8943",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/8943"
          },
          {
            "name": "oval:org.mitre.oval:def:922",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
          },
          {
            "name": "20030709 IE Object Type Overflow Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
          },
          {
            "name": "MS03-020",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
          },
          {
            "name": "AD20030604",
            "tags": [
              "third-party-advisory",
              "x_refsource_EEYE",
              "x_transferred"
            ],
            "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
          },
          {
            "name": "VU#679556",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/679556"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030604 Internet Explorer Object Type Property Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
        },
        {
          "name": "8943",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/8943"
        },
        {
          "name": "oval:org.mitre.oval:def:922",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
        },
        {
          "name": "20030709 IE Object Type Overflow Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
        },
        {
          "name": "MS03-020",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
        },
        {
          "name": "AD20030604",
          "tags": [
            "third-party-advisory",
            "x_refsource_EEYE"
          ],
          "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
        },
        {
          "name": "VU#679556",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/679556"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0344",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030604 Internet Explorer Object Type Property Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
            },
            {
              "name": "8943",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/8943"
            },
            {
              "name": "oval:org.mitre.oval:def:922",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
            },
            {
              "name": "20030709 IE Object Type Overflow Exploit",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
            },
            {
              "name": "MS03-020",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
            },
            {
              "name": "AD20030604",
              "refsource": "EEYE",
              "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
            },
            {
              "name": "VU#679556",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/679556"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0344",
    "datePublished": "2003-06-06T04:00:00",
    "dateReserved": "2003-05-28T00:00:00",
    "dateUpdated": "2024-08-08T01:50:47.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*\", \"matchCriteriaId\": \"9B0F6E35-652C-4948-9FF4-DBF199B4FA21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6219D36E-9E2C-4DC7-8FD5-FAD144A333F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40F8042F-C621-45AE-9F8C-70469579643A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A19F6133-25D1-44A5-B6B9-354703436783\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en Microsoft Internet Explorer 5.01, 5.5, y 6.0 permite que atacantes remotos ejecuten c\\u00f3digo arbitrario mediante un caracter \\\"/\\\" (barra inclinada) en la propiedad Type de un tag Object en una p\\u00e1gina web.\"}]",
      "id": "CVE-2003-0344",
      "lastModified": "2024-11-20T23:44:31.260",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2003-06-16T04:00:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/8943\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.eeye.com/html/Research/Advisories/AD20030604.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/679556\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/8943\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.eeye.com/html/Research/Advisories/AD20030604.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/679556\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0344\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-06-16T04:00:00.000\",\"lastModified\":\"2024-11-20T23:44:31.260\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en Microsoft Internet Explorer 5.01, 5.5, y 6.0 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante un caracter \\\"/\\\" (barra inclinada) en la propiedad Type de un tag Object en una p\u00e1gina web.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*\",\"matchCriteriaId\":\"9B0F6E35-652C-4948-9FF4-DBF199B4FA21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6219D36E-9E2C-4DC7-8FD5-FAD144A333F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F8042F-C621-45AE-9F8C-70469579643A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A19F6133-25D1-44A5-B6B9-354703436783\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/8943\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.eeye.com/html/Research/Advisories/AD20030604.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/679556\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/8943\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.eeye.com/html/Research/Advisories/AD20030604.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/679556\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities are unclear, they may lead to memory corruption and a denial-of-service situation. A vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. A Microsoft Windows DirectX library, quartz.dll, does not properly validate certain parameters in Musical Instrument Digital Interface (MIDI) files. A remotely exploitable vulnerability has been discovered in Internet Explorer. A remote attacker could execute arbitrary code with the privileges of the user running IE. When a web page containing an OBJECT tag using a parameter containing excessive data is encountered by a vulnerable client, a internal memory buffer will be overrun. Description

Microsoft Windows operating systems include multimedia technologies called DirectX and DirectShow. From Microsoft Security Bulletin MS03-030, "DirectX consists of a set of low-level Application Programming Interfaces (APIs) that are used by Windows programs for multimedia support.

Any application that uses DirectX/DirectShow to process MIDI files may be affected by this vulnerability. Of particular concern, Internet Explorer (IE) uses the Windows Media Player ActiveX control and quartz.dll to handle MIDI files embedded in HTML documents. An attacker could therefore exploit this vulnerability by convincing a victim to view an HTML document, such as a web page or an HTML email message, that contains an embedded MIDI file. Note that in addition to IE, a number of applications, including Outlook, Outlook Express, Eudora, AOL, Lotus Notes, and Adobe PhotoDeluxe, use the WebBrowser ActiveX control to interpret HTML documents.

Further technical details are available in eEye Digital Security advisory AD20030723. Common Vulnerabilities and Exposures (CVE) refers to these vulnerabilities as CAN-2003-0346.

Disable embedded MIDI files

Change the Run ActiveX controls and plug-ins security setting to Disable in the Internet zone and the zone(s) used by Outlook, Outlook Express, and any other application that uses the WebBrowser ActiveX control to render HTML. This modification will prevent MIDI files from being automatically loaded from HTML documents. This workaround is not a complete solution and will not prevent attacks that attempt to load MIDI files directly.

Instructions for modifying IE security zone settings can be found in the CERT/CC Malicious Web Scripts FAQ. References

 * CERT/CC Vulnerability Note VU#561284 -
   http://www.kb.cert.org/vuls/id/561284
 * CERT/CC Vulnerability Note VU#265232 -
   http://www.kb.cert.org/vuls/id/265232
 * eEye Digital Security advisory AD20030723 -
   http://www.eeye.com/html/Research/Advisories/AD20030723.html
 * Microsoft Security Bulletin MS03-030 -
   http://microsoft.com/technet/security/bulletin/MS03-030.asp
 * Microsoft Knowledge Base article 819696 -
   http://support.microsoft.com/default.aspx?scid=kb;en-us;819696
 _________________________________________________________________

These vulnerabilities were researched and reported by eEye Digital Security. ___________

Feedback can be directed to the author, Art Manion. -----BEGIN PGP SIGNED MESSAGE-----

CERT Summary CS-2003-04

November 24, 2003

Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems.

Past CERT summaries are available from:

      CERT Summaries
      http://www.cert.org/summaries/

Recent Activity

Since the last regularly scheduled CERT summary, issued in September 2003 (CS-2003-03), we have documented vulnerabilities in the Microsoft Windows Workstation Service, RPCSS Service, and Exchange.

For more current information on activity being reported to the CERT/CC, please visit the CERT/CC Current Activity page. The Current Activity page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities being reported to the CERT/CC. The information on the Current Activity page is reviewed and updated as reporting trends change.

      CERT/CC Current Activity
      http://www.cert.org/current/current_activity.html


1. W32/Mimail Variants

   The  CERT/CC  has  received reports of several new variants of the
   'Mimail'  worm. The most recent variant of the worm (W32/Mimail.J)
   arrives  as  an  email  message  alleging  to  be  from the Paypal
   financial   service.  The  message  requests  that  the  recipient
   'verify'  their  account  information to prevent the suspension of
   their  Paypal account. Attached to the email is an executable file
   which  captures  this  information (if entered), and sends it to a
   number of email addresses.

            Current Activity - November 19, 2003
            http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili


2.

            CERT Advisory CA-2003-28
    Buffer Overflow in Windows Workstation Service
            http://www.cert.org/advisories/CA-2003-28.html

            Vulnerability Note VU#567620
    Microsoft Windows Workstation service vulnerable to 
    buffer overflow when sent specially crafted network
    message
            http://www.kb.cert.org/vuls/id/567620


3.

            CERT Advisory CA-2003-27
    Multiple Vulnerabilities in Microsoft Windows and 
    Exchange
            http://www.cert.org/advisories/CA-2003-27.html

            Vulnerability Note VU#575892
    Buffer overflow in Microsoft Windows Messenger Service
            http://www.kb.cert.org/vuls/id/575892

            Vulnerability Note VU#422156
    Microsoft Exchange Server fails to properly handle
    specially crafted SMTP extended verb requests
            http://www.kb.cert.org/vuls/id/422156

            Vulnerability Note VU#467036
    Microsoft Windows Help and support Center contains buffer
    overflow in code used to handle HCP protocol
            http://www.kb.cert.org/vuls/id/467036

            Vulnerability Note VU#989932
    Microsoft Windows contains buffer overflow in Local 
    Troubleshooter ActiveX control (Tshoot.ocx)
            http://www.kb.cert.org/vuls/id/989932

            Vulnerability Note VU#838572
    Microsoft Windows Authenticode mechanism installs ActiveX
    controls without prompting user
            http://www.kb.cert.org/vuls/id/838572

            Vulnerability Note VU#435444
    Microsoft Outlook Web Access (OWA) contains cross-site
    scripting vulnerability in the "Compose New Message" form
            http://www.kb.cert.org/vuls/id/435444

            Vulnerability Note VU#967668
    Microsoft Windows ListBox and ComboBox controls vulnerable
    to buffer overflow when supplied crafted Windows message
            http://www.kb.cert.org/vuls/id/967668


4. Multiple Vulnerabilities in SSL/TLS Implementations

   Multiple  vulnerabilities  exist in the Secure Sockets Layer (SSL)
   and  Transport Layer Security (TLS) protocols allowing an attacker
   to execute arbitrary code or cause a denial-of-service condition.

            CERT Advisory CA-2003-26
    Multiple  Vulnerabilities in SSL/TLS Implementations
            http://www.cert.org/advisories/CA-2003-26.html

            Vulnerability Note VU#935264
    OpenSSL ASN.1 parser insecure memory deallocation
            http://www.kb.cert.org/vuls/id/935264

            Vulnerability Note VU#255484
    OpenSSL contains integer overflow handling ASN.1 tags (1)
            http://www.kb.cert.org/vuls/id/255484

            Vulnerability Note VU#380864
    OpenSSL contains integer overflow handling ASN.1 tags (2)
            http://www.kb.cert.org/vuls/id/380864

            Vulnerability Note VU#686224
    OpenSSL does not securely handle invalid public key when
    configured to ignore errors
            http://www.kb.cert.org/vuls/id/686224

            Vulnerability Note VU#732952
    OpenSSL accepts unsolicited client certificate messages
            http://www.kb.cert.org/vuls/id/732952

            Vulnerability Note VU#104280
    Multiple vulnerabilities in SSL/TLS implementations
            http://www.kb.cert.org/vuls/id/104280

            Vulnerability Note VU#412478
    OpenSSL 0.9.6k does not properly handle ASN.1 sequences
            http://www.kb.cert.org/vuls/id/412478


5. These attacks include the
   installation  of tools for launching distributed denial-of-service
   (DDoS)   attacks,   providing   generic  proxy  services,  reading
   sensitive  information  from  the  Windows  registry,  and using a
   victim   system's  modem  to  dial  pay-per-minute  services.  The
   vulnerability  described in VU#865940 exists due to an interaction
   between  IE's  MIME  type  processing  and the way it handles HTML
   application (HTA) files embedded in OBJECT tags. W32/Swen.A Worm

   On  September  19,  the  CERT/CC began receiving a large volume of
   reports  of  a  mass  mailing  worm,  referred  to  as W32/Swen.A,
   spreading on the Internet. Similar to W32/Gibe.B in function, this
   worm  arrives as an attachment claiming to be a Microsoft Internet
   Explorer  Update  or  a  delivery  failure  notice from qmail. The
   W32/Swen.A  worm  requires a user to execute the attachment either
   manually or by using an email client that will open the attachment
   automatically.  Upon  opening the attachment, the worm attempts to
   mail  itself  to  all  email addresses it finds on the system. The
   CERT/CC  updated  the  current  activity  page  to contain further
   information on this worm.

            Current Activity - September 19, 2003
            http://www.cert.org/current/archive/2003/09/19/archive.html#swena


7. Buffer Overflow in Sendmail

   Sendmail,  a widely deployed mail transfer agent (MTA), contains a
   vulnerability  that  could  allow an attacker to execute arbitrary
   code with the privileges of the sendmail daemon, typically root.

            CERT Advisory CA-2003-25
    Buffer Overflow in Sendmail
            http://www.cert.org/advisories/CA-2003-25.html

            Vulnerability Note VU#784980
    Sendmail prescan() buffer overflow vulnerability
            http://www.kb.cert.org/vuls/id/784980


8. RPCSS Vulnerabilities in Microsoft Windows

   On  September  10,  the  CERT/CC reported on three vulnerabilities
   that  affect  numerous versions of Microsoft Windows, two of which
   are  remotely  exploitable  buffer  overflows that may an allow an
   attacker to execute code with system privileges.

            CERT Advisory CA-2003-23
    RPCSS Vulnerabilities in Microsoft Windows
            http://www.cert.org/advisories/CA-2003-23.html

            Vulnerability Note VU#483492
    Microsoft Windows RPCSS Service contains heap overflow in
    DCOM activation routines
            http://www.kb.cert.org/vuls/id/483492

            Vulnerability Note VU#254236
    Microsoft Windows RPCSS Service contains heap overflow in
    DCOM request filename handling
            http://www.kb.cert.org/vuls/id/254236

            Vulnerability Note VU#326746
    Microsoft Windows RPC service vulnerable to 
    denial of service
            http://www.kb.cert.org/vuls/id/326746

New CERT Coordination Center (CERT/CC) PGP Key

On October 15, the CERT/CC issued a new PGP key, which should be used when sending sensitive information to the CERT/CC.

      CERT/CC PGP Public Key
      https://www.cert.org/pgp/cert_pgp_key.asc

      Sending Sensitive Information to the CERT/CC
      https://www.cert.org/contact_cert/encryptmail.html

What's New and Updated

Since the last CERT Summary, we have published new and updated * Advisories http://www.cert.org/advisories/ * Vulnerability Notes http://www.kb.cert.org/vuls * CERT/CC Statistics http://www.cert.org/stats/cert_stats.html * Congressional Testimony http://www.cert.org/congressional_testimony * Training Schedule http://www.cert.org/training/ * CSIRT Development http://www.cert.org/csirts/

This document is available from: http://www.cert.org/summaries/CS-2003-04.html

CERT/CC Contact Information

Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site http://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message

subscribe cert-advisory

"CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

Conditions for use, disclaimers, and sponsorship information

-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8

iQCVAwUBP8JVOZZ2NNT/dVAVAQGL9wP+I18NJBUBuv7b0pam5La7E7qOQFMn5n78 7i0gBX/dKgaY5siM6jBYYwCbbA7Y0/Jwtby2zHp1s8RHZY5/3JEzElfv4TLlR8rT rb8gJDbpan2JWA6xH9IzqZaSrxrXpNypwU2wWxR2osmbYl8FdV0rD3ZYXJjyi+nU UENALuNdthA= =DD60 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC Interface

Original issue date: July 31, 2003 Last revised: - Source: CERT/CC

A complete revision history is at the end of this file.

I. Known exploits target TCP port 135 and create a privileged backdoor command shell on successfully compromised hosts. Some versions of the exploit use TCP port 4444 for the backdoor, and other versions use a TCP port number specified by the intruder at run-time. We have also received reports of scanning activity for common backdoor ports such as 4444/TCP. In some cases, due to the RPC service terminating, a compromised system may reboot after the backdoor is accessed by an intruder. Based on current information, we believe this vulnerability is separate and independent from the RPC vulnerability addressed in MS03-026. The CERT/CC is tracking this additional vulnerability as VU#326746 and is continuing to work to understand the issue and mitigation strategies.

In both of the attacks described above, a TCP session to port 135 is used to execute the attack. However, access to TCP ports 139 and 445 may also provide attack vectors and should be considered when applying mitigation strategies.

II.

III. Solutions

Apply patches

All users are encouraged to apply the patches referred to in Microsoft Security Bulletin MS03-026 as soon as possible in order to mitigate the vulnerability described in VU#568148. These patches are also available via Microsoft's Windows Update service.

Systems running Windows 2000 may still be vulnerable to at least a denial of service attack via VU#326746 if their DCOM RPC service is available via the network. Therefore, sites are encouraged to use the packet filtering tips below in addition to applying the patches supplied in MS03-026.

Filter network traffic

Sites are encouraged to block network access to the RPC service at network borders. This can minimize the potential of denial-of-service attacks originating from outside the perimeter. The specific services that should be blocked include * 135/TCP * 135/UDP * 139/TCP * 139/UDP * 445/TCP * 445/UDP

If access cannot be blocked for all external hosts, the CERT/CC recommends limiting access to only those hosts that require it for normal operation. As a general rule, the CERT/CC recommends filtering all types of network traffic that are not required for normal operation.

Because current exploits for VU#568148 create a backdoor, which is in some cases 4444/TCP, blocking inbound TCP sessions to ports on which no legitimate services are provided may limit intruder access to compromised hosts.

Recovering from a system compromise

If you believe a system under your administrative control has been compromised, please follow the steps outlined in

      Steps for Recovering from a UNIX or NT System Compromise

Reporting

The CERT/CC is tracking activity related to exploitation of the first vulnerability (VU#568148) as CERT#27479 and the second vulnerability (VU#326746) as CERT#24523. Relevant artifacts or activity can be sent to cert@cert.org with the appropriate CERT# in the subject line.

Appendix A. Vendor Information

This appendix contains information provided by vendors. If a vendor is not listed below, we have not received their comments.

Microsoft

 Please see Microsoft Security Bulletin MS03-026.

Appendix B

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200306-0042",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 4.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "5.5"
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "5.01"
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": "ie",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security ab",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cray",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cyclades",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f secure",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "foundry",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm eserver",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ingrian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mirapoint",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "network appliance",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nokia",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssh",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "riverstone",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "tfs",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6"
      },
      {
        "model": "windows server 2003",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "ie",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "5.5"
      },
      {
        "model": "ie",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "5.01"
      },
      {
        "model": "internet explorer sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "5.0.1"
      },
      {
        "model": "internet explorer sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "5.0.1"
      },
      {
        "model": "internet explorer sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "5.0.1"
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "5.0.1"
      },
      {
        "model": "internet explorer sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "internet explorer sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "5.5"
      },
      {
        "model": "internet explorer sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "5.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#333628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#813208"
      },
      {
        "db": "CERT/CC",
        "id": "VU#326746"
      },
      {
        "db": "CERT/CC",
        "id": "VU#561284"
      },
      {
        "db": "CERT/CC",
        "id": "VU#679556"
      },
      {
        "db": "CERT/CC",
        "id": "VU#334928"
      },
      {
        "db": "BID",
        "id": "7806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000168"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-069"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0344"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0344"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Derek Soeder\u203b dsoeder@eeye.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-069"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0344",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2003-0344",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0344",
            "trust": 1.8,
            "value": "High"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#333628",
            "trust": 0.8,
            "value": "28.98"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#813208",
            "trust": 0.8,
            "value": "3.65"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#326746",
            "trust": 0.8,
            "value": "27.00"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#561284",
            "trust": 0.8,
            "value": "29.84"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#679556",
            "trust": 0.8,
            "value": "17.47"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#334928",
            "trust": 0.8,
            "value": "7.09"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200306-069",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#333628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#813208"
      },
      {
        "db": "CERT/CC",
        "id": "VU#326746"
      },
      {
        "db": "CERT/CC",
        "id": "VU#561284"
      },
      {
        "db": "CERT/CC",
        "id": "VU#679556"
      },
      {
        "db": "CERT/CC",
        "id": "VU#334928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000168"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-069"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0344"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities are unclear, they may lead to memory corruption and a denial-of-service situation. A vulnerability exists in Microsoft\u0027s Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. A Microsoft Windows DirectX library, quartz.dll, does not properly validate certain parameters in Musical Instrument Digital Interface (MIDI) files. A remotely exploitable vulnerability has been discovered in Internet Explorer.  A remote attacker could execute arbitrary code with the privileges of the user running IE.  When a web page containing an OBJECT tag using a parameter containing excessive data is encountered by a vulnerable client, a internal memory buffer will be overrun. Description\n\n   Microsoft  Windows  operating  systems include multimedia technologies\n   called  DirectX  and  DirectShow.  From  Microsoft  Security  Bulletin\n   MS03-030,   \"DirectX  consists  of  a  set  of  low-level  Application\n   Programming  Interfaces  (APIs)  that are used by Windows programs for\n   multimedia support. \n\n   Any application that uses DirectX/DirectShow to process MIDI files may\n   be  affected  by  this  vulnerability. Of particular concern, Internet\n   Explorer  (IE)  uses  the  Windows  Media  Player  ActiveX control and\n   quartz.dll  to  handle  MIDI  files  embedded  in  HTML  documents. An\n   attacker  could  therefore  exploit this vulnerability by convincing a\n   victim  to  view an HTML document, such as a web page or an HTML email\n   message, that contains an embedded MIDI file. Note that in addition to\n   IE,  a  number  of  applications,  including Outlook, Outlook Express,\n   Eudora,  AOL,  Lotus  Notes, and Adobe PhotoDeluxe, use the WebBrowser\n   ActiveX control to interpret HTML documents. \n\n   Further  technical  details  are  available  in  eEye Digital Security\n   advisory AD20030723. Common Vulnerabilities and Exposures (CVE) refers\n   to these vulnerabilities as CAN-2003-0346. \n\nDisable embedded MIDI files\n\n   Change  the  Run  ActiveX  controls  and  plug-ins security setting to\n   Disable  in the Internet zone and the zone(s) used by Outlook, Outlook\n   Express,  and  any  other application that uses the WebBrowser ActiveX\n   control to render HTML. This modification will prevent MIDI files from\n   being automatically loaded from HTML documents. This workaround is not\n   a  complete solution and will not prevent attacks that attempt to load\n   MIDI files directly. \n\n   Instructions  for  modifying IE security zone settings can be found in\n   the CERT/CC Malicious Web Scripts FAQ. References\n\n     * CERT/CC Vulnerability Note VU#561284 -\n       http://www.kb.cert.org/vuls/id/561284\n     * CERT/CC Vulnerability Note VU#265232 -\n       http://www.kb.cert.org/vuls/id/265232\n     * eEye Digital Security advisory AD20030723 -\n       http://www.eeye.com/html/Research/Advisories/AD20030723.html\n     * Microsoft Security Bulletin MS03-030 -\n       http://microsoft.com/technet/security/bulletin/MS03-030.asp\n     * Microsoft Knowledge Base article 819696 -\n       http://support.microsoft.com/default.aspx?scid=kb;en-us;819696\n     _________________________________________________________________\n\n   These  vulnerabilities were  researched and reported by  eEye  Digital\n   Security. \n     _________________________________________________________________\n\n   Feedback can be directed to the author, Art Manion. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Summary CS-2003-04\n\n   November 24, 2003\n\n   Each  quarter, the CERT Coordination Center (CERT/CC) issues the CERT\n   Summary  to  draw  attention  to  the types of attacks reported to our\n   incident  response  team,  as  well  as  other noteworthy incident and\n   vulnerability information. The summary includes pointers to sources of\n   information for dealing with the problems. \n\n   Past CERT summaries are available from:\n\n          CERT Summaries\n          http://www.cert.org/summaries/\n   ______________________________________________________________________\n\nRecent Activity\n\n   Since  the  last regularly scheduled CERT summary, issued in September\n   2003 (CS-2003-03), we have documented vulnerabilities in the Microsoft\n   Windows Workstation Service, RPCSS Service, and Exchange. \n\n   For  more  current  information  on  activity  being  reported  to the\n   CERT/CC,  please  visit the CERT/CC Current Activity page. The Current\n   Activity  page  is  a  regularly updated summary of the most frequent,\n   high-impact  types  of  security  incidents  and vulnerabilities being\n   reported  to the CERT/CC. The information on the Current Activity page\n   is reviewed and updated as reporting trends change. \n\n          CERT/CC Current Activity\n          http://www.cert.org/current/current_activity.html\n\n\n    1. W32/Mimail Variants\n\n       The  CERT/CC  has  received reports of several new variants of the\n       \u0027Mimail\u0027  worm. The most recent variant of the worm (W32/Mimail.J)\n       arrives  as  an  email  message  alleging  to  be  from the Paypal\n       financial   service.  The  message  requests  that  the  recipient\n       \u0027verify\u0027  their  account  information to prevent the suspension of\n       their  Paypal account. Attached to the email is an executable file\n       which  captures  this  information (if entered), and sends it to a\n       number of email addresses. \n\n                Current Activity - November 19, 2003\n                http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili\n\n\n    2. \n\n                CERT Advisory CA-2003-28\n\t\tBuffer Overflow in Windows Workstation Service\n                http://www.cert.org/advisories/CA-2003-28.html\n\n                Vulnerability Note VU#567620\n\t\tMicrosoft Windows Workstation service vulnerable to \n\t\tbuffer overflow when sent specially crafted network\n\t\tmessage\n                http://www.kb.cert.org/vuls/id/567620\n\n\n    3. \n\n                CERT Advisory CA-2003-27\n\t\tMultiple Vulnerabilities in Microsoft Windows and \n\t\tExchange\n                http://www.cert.org/advisories/CA-2003-27.html\n\n                Vulnerability Note VU#575892\n\t\tBuffer overflow in Microsoft Windows Messenger Service\n                http://www.kb.cert.org/vuls/id/575892\n\n                Vulnerability Note VU#422156\n\t\tMicrosoft Exchange Server fails to properly handle\n\t\tspecially crafted SMTP extended verb requests\n                http://www.kb.cert.org/vuls/id/422156\n\n                Vulnerability Note VU#467036\n\t\tMicrosoft Windows Help and support Center contains buffer\n\t\toverflow in code used to handle HCP protocol\n                http://www.kb.cert.org/vuls/id/467036\n\n                Vulnerability Note VU#989932\n\t\tMicrosoft Windows contains buffer overflow in Local \n\t\tTroubleshooter ActiveX control (Tshoot.ocx)\n                http://www.kb.cert.org/vuls/id/989932\n\n                Vulnerability Note VU#838572\n\t\tMicrosoft Windows Authenticode mechanism installs ActiveX\n\t\tcontrols without prompting user\n                http://www.kb.cert.org/vuls/id/838572\n\n                Vulnerability Note VU#435444\n\t\tMicrosoft Outlook Web Access (OWA) contains cross-site\n\t\tscripting vulnerability in the \"Compose New Message\" form\n                http://www.kb.cert.org/vuls/id/435444\n\n                Vulnerability Note VU#967668\n\t\tMicrosoft Windows ListBox and ComboBox controls vulnerable\n\t\tto buffer overflow when supplied crafted Windows message\n                http://www.kb.cert.org/vuls/id/967668\n\n\n    4. Multiple Vulnerabilities in SSL/TLS Implementations\n\n       Multiple  vulnerabilities  exist in the Secure Sockets Layer (SSL)\n       and  Transport Layer Security (TLS) protocols allowing an attacker\n       to execute arbitrary code or cause a denial-of-service condition. \n\n                CERT Advisory CA-2003-26\n\t\tMultiple  Vulnerabilities in SSL/TLS Implementations\n                http://www.cert.org/advisories/CA-2003-26.html\n\n                Vulnerability Note VU#935264\n\t\tOpenSSL ASN.1 parser insecure memory deallocation\n                http://www.kb.cert.org/vuls/id/935264\n\n                Vulnerability Note VU#255484\n\t\tOpenSSL contains integer overflow handling ASN.1 tags (1)\n                http://www.kb.cert.org/vuls/id/255484\n\n                Vulnerability Note VU#380864\n\t\tOpenSSL contains integer overflow handling ASN.1 tags (2)\n                http://www.kb.cert.org/vuls/id/380864\n\n                Vulnerability Note VU#686224\n\t\tOpenSSL does not securely handle invalid public key when\n\t\tconfigured to ignore errors\n                http://www.kb.cert.org/vuls/id/686224\n\n                Vulnerability Note VU#732952\n\t\tOpenSSL accepts unsolicited client certificate messages\n                http://www.kb.cert.org/vuls/id/732952\n\n                Vulnerability Note VU#104280\n\t\tMultiple vulnerabilities in SSL/TLS implementations\n                http://www.kb.cert.org/vuls/id/104280\n\n                Vulnerability Note VU#412478\n\t\tOpenSSL 0.9.6k does not properly handle ASN.1 sequences\n                http://www.kb.cert.org/vuls/id/412478\n\n\n    5. These attacks include the\n       installation  of tools for launching distributed denial-of-service\n       (DDoS)   attacks,   providing   generic  proxy  services,  reading\n       sensitive  information  from  the  Windows  registry,  and using a\n       victim   system\u0027s  modem  to  dial  pay-per-minute  services.  The\n       vulnerability  described in VU#865940 exists due to an interaction\n       between  IE\u0027s  MIME  type  processing  and the way it handles HTML\n       application (HTA) files embedded in OBJECT tags. W32/Swen.A Worm\n\n       On  September  19,  the  CERT/CC began receiving a large volume of\n       reports  of  a  mass  mailing  worm,  referred  to  as W32/Swen.A,\n       spreading on the Internet. Similar to W32/Gibe.B in function, this\n       worm  arrives as an attachment claiming to be a Microsoft Internet\n       Explorer  Update  or  a  delivery  failure  notice from qmail. The\n       W32/Swen.A  worm  requires a user to execute the attachment either\n       manually or by using an email client that will open the attachment\n       automatically.  Upon  opening the attachment, the worm attempts to\n       mail  itself  to  all  email addresses it finds on the system. The\n       CERT/CC  updated  the  current  activity  page  to contain further\n       information on this worm. \n\n                Current Activity - September 19, 2003\n                http://www.cert.org/current/archive/2003/09/19/archive.html#swena\n\n\n    7. Buffer Overflow in Sendmail\n\n       Sendmail,  a widely deployed mail transfer agent (MTA), contains a\n       vulnerability  that  could  allow an attacker to execute arbitrary\n       code with the privileges of the sendmail daemon, typically root. \n\n                CERT Advisory CA-2003-25\n\t\tBuffer Overflow in Sendmail\n                http://www.cert.org/advisories/CA-2003-25.html\n\n                Vulnerability Note VU#784980\n\t\tSendmail prescan() buffer overflow vulnerability\n                http://www.kb.cert.org/vuls/id/784980\n\n\n    8. RPCSS Vulnerabilities in Microsoft Windows\n\n       On  September  10,  the  CERT/CC reported on three vulnerabilities\n       that  affect  numerous versions of Microsoft Windows, two of which\n       are  remotely  exploitable  buffer  overflows that may an allow an\n       attacker to execute code with system privileges. \n\n                CERT Advisory CA-2003-23\n\t\tRPCSS Vulnerabilities in Microsoft Windows\n                http://www.cert.org/advisories/CA-2003-23.html\n\n                Vulnerability Note VU#483492\n\t\tMicrosoft Windows RPCSS Service contains heap overflow in\n\t\tDCOM activation routines\n                http://www.kb.cert.org/vuls/id/483492\n\n                Vulnerability Note VU#254236\n\t\tMicrosoft Windows RPCSS Service contains heap overflow in\n\t\tDCOM request filename handling\n                http://www.kb.cert.org/vuls/id/254236\n\n                Vulnerability Note VU#326746\n\t\tMicrosoft Windows RPC service vulnerable to \n\t\tdenial of service\n                http://www.kb.cert.org/vuls/id/326746\n   ______________________________________________________________________\n\nNew CERT Coordination Center (CERT/CC) PGP Key\n\n   On  October 15, the CERT/CC issued a new PGP key, which should be used\n   when sending sensitive information to the CERT/CC. \n\n          CERT/CC PGP Public Key\n          https://www.cert.org/pgp/cert_pgp_key.asc\n\n          Sending Sensitive Information to the CERT/CC\n          https://www.cert.org/contact_cert/encryptmail.html\n   ______________________________________________________________________\n\nWhat\u0027s New and Updated\n\n   Since the last CERT Summary, we have published new and updated\n     * Advisories\n       http://www.cert.org/advisories/\n     * Vulnerability Notes\n       http://www.kb.cert.org/vuls\n     * CERT/CC Statistics\n       http://www.cert.org/stats/cert_stats.html\n     * Congressional Testimony\n       http://www.cert.org/congressional_testimony\n     * Training Schedule\n       http://www.cert.org/training/\n     * CSIRT Development\n       http://www.cert.org/csirts/\n   ______________________________________________________________________\n\n   This document is available from:\n   http://www.cert.org/summaries/CS-2003-04.html\n   ______________________________________________________________________\n\nCERT/CC Contact Information\n\n   Email: cert@cert.org\n          Phone: +1 412-268-7090 (24-hour hotline)\n          Fax: +1 412-268-6989\n          Postal address:\n          CERT Coordination Center\n          Software Engineering Institute\n          Carnegie Mellon University\n          Pittsburgh PA 15213-3890\n          U.S.A. \n\n   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /\n   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies\n   during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n   We  strongly  urge you to encrypt sensitive information sent by email. \n   Our public PGP key is available from\n   http://www.cert.org/CERT_PGP.key\n\n   If  you  prefer  to  use  DES,  please  call the CERT hotline for more\n   information. \n\nGetting security information\n\n   CERT  publications  and  other security information are available from\n   our web site\n   http://www.cert.org/\n\n   To  subscribe  to  the CERT mailing list for advisories and bulletins,\n   send  email  to majordomo@cert.org. Please include in the body of your\n   message\n\n   subscribe cert-advisory\n\n   *  \"CERT\"  and  \"CERT  Coordination Center\" are registered in the U.S. \n   Patent and Trademark Office. \n   ______________________________________________________________________\n\n   NO WARRANTY\n   Any  material furnished by Carnegie Mellon University and the Software\n   Engineering  Institute  is  furnished  on  an  \"as is\" basis. Carnegie\n   Mellon University makes no warranties of any kind, either expressed or\n   implied  as  to  any matter including, but not limited to, warranty of\n   fitness  for  a  particular purpose or merchantability, exclusivity or\n   results  obtained from use of the material. Carnegie Mellon University\n   does  not  make  any warranty of any kind with respect to freedom from\n   patent, trademark, or copyright infringement. \n   ______________________________________________________________________\n\n   Conditions for use, disclaimers, and sponsorship information\n\n   Copyright \\xa92003 Carnegie Mellon University. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBP8JVOZZ2NNT/dVAVAQGL9wP+I18NJBUBuv7b0pam5La7E7qOQFMn5n78\n7i0gBX/dKgaY5siM6jBYYwCbbA7Y0/Jwtby2zHp1s8RHZY5/3JEzElfv4TLlR8rT\nrb8gJDbpan2JWA6xH9IzqZaSrxrXpNypwU2wWxR2osmbYl8FdV0rD3ZYXJjyi+nU\nUENALuNdthA=\n=DD60\n-----END PGP SIGNATURE-----\n. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC\nInterface\n\n   Original issue date: July 31, 2003\n   Last revised: -\n   Source: CERT/CC\n\n   A complete revision history is at the end of this file. \n\nI.  Known  exploits  target  TCP  port  135  and  create a\n   privileged  backdoor  command shell on successfully compromised hosts. \n   Some  versions  of the exploit use TCP port 4444 for the backdoor, and\n   other  versions  use  a  TCP  port number specified by the intruder at\n   run-time.  We  have  also  received  reports  of scanning activity for\n   common  backdoor ports such as 4444/TCP. In some cases, due to the RPC\n   service  terminating,  a  compromised  system  may  reboot  after  the\n   backdoor is accessed by an intruder. Based on\n   current  information,  we  believe  this vulnerability is separate and\n   independent  from  the  RPC  vulnerability  addressed in MS03-026. The\n   CERT/CC  is tracking this additional vulnerability as VU#326746 and is\n   continuing  to work to understand the issue and mitigation strategies. \n\n   In  both  of the attacks described above, a TCP session to port 135 is\n   used  to  execute the attack. However, access to TCP ports 139 and 445\n   may also provide attack vectors and should be considered when applying\n   mitigation strategies. \n\nII. \n\nIII. Solutions\n\nApply patches\n\n   All users are encouraged to apply the patches referred to in Microsoft\n   Security  Bulletin  MS03-026  as soon as possible in order to mitigate\n   the  vulnerability  described  in  VU#568148.  These  patches are also\n   available via Microsoft\u0027s Windows Update service. \n\n   Systems  running  Windows  2000  may still be vulnerable to at least a\n   denial  of  service  attack via VU#326746 if their DCOM RPC service is\n   available  via the network. Therefore, sites are encouraged to use the\n   packet  filtering  tips  below  in  addition  to  applying the patches\n   supplied in MS03-026. \n\nFilter network traffic\n\n   Sites  are  encouraged  to  block network access to the RPC service at\n   network  borders. This can minimize the potential of denial-of-service\n   attacks  originating from outside the perimeter. The specific services\n   that should be blocked include\n     * 135/TCP\n     * 135/UDP\n     * 139/TCP\n     * 139/UDP\n     * 445/TCP\n     * 445/UDP\n\n   If  access  cannot  be  blocked  for  all  external hosts, the CERT/CC\n   recommends  limiting  access  to  only those hosts that require it for\n   normal  operation. As a general rule, the CERT/CC recommends filtering\n   all  types  of  network  traffic  that  are  not  required  for normal\n   operation. \n\n   Because  current exploits for VU#568148 create a backdoor, which is in\n   some  cases  4444/TCP, blocking inbound TCP sessions to ports on which\n   no  legitimate  services  are  provided  may  limit intruder access to\n   compromised hosts. \n\nRecovering from a system compromise\n\n   If  you  believe  a  system under your administrative control has been\n   compromised, please follow the steps outlined in\n\n          Steps for Recovering from a UNIX or NT System Compromise\n\nReporting\n\n   The  CERT/CC is tracking activity related to exploitation of the first\n   vulnerability  (VU#568148)  as CERT#27479 and the second vulnerability\n   (VU#326746)  as CERT#24523. Relevant artifacts or activity can be sent\n   to cert@cert.org with the appropriate CERT# in the subject line. \n\nAppendix A. Vendor Information\n\n   This  appendix  contains information provided by vendors. If a vendor is not listed below, we\n   have not received their comments. \n\nMicrosoft\n\n     Please see Microsoft Security Bulletin MS03-026. \n\nAppendix B",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0344"
      },
      {
        "db": "CERT/CC",
        "id": "VU#333628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#813208"
      },
      {
        "db": "CERT/CC",
        "id": "VU#326746"
      },
      {
        "db": "CERT/CC",
        "id": "VU#561284"
      },
      {
        "db": "CERT/CC",
        "id": "VU#679556"
      },
      {
        "db": "CERT/CC",
        "id": "VU#334928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000168"
      },
      {
        "db": "BID",
        "id": "7806"
      },
      {
        "db": "PACKETSTORM",
        "id": "31444"
      },
      {
        "db": "PACKETSTORM",
        "id": "32268"
      },
      {
        "db": "PACKETSTORM",
        "id": "31490"
      }
    ],
    "trust": 6.48
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#679556",
        "trust": 3.2
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0344",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "8943",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "7806",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#813208",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#334928",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#326746",
        "trust": 1.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#561284",
        "trust": 1.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#333628",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "10156",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "12970",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000168",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-069",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#265232",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "31444",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#784980",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#575892",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#254236",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#865940",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#467036",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#838572",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#422156",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#412478",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#483492",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#104280",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#567620",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#989932",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#967668",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#435444",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "32268",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "31490",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#333628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#813208"
      },
      {
        "db": "CERT/CC",
        "id": "VU#326746"
      },
      {
        "db": "CERT/CC",
        "id": "VU#561284"
      },
      {
        "db": "CERT/CC",
        "id": "VU#679556"
      },
      {
        "db": "CERT/CC",
        "id": "VU#334928"
      },
      {
        "db": "BID",
        "id": "7806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000168"
      },
      {
        "db": "PACKETSTORM",
        "id": "31444"
      },
      {
        "db": "PACKETSTORM",
        "id": "32268"
      },
      {
        "db": "PACKETSTORM",
        "id": "31490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-069"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0344"
      }
    ]
  },
  "id": "VAR-200306-0042",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2022-05-08T07:26:52.746000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS03-032",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms03-032.asp"
      },
      {
        "title": "MS03-020",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms03-020.asp"
      },
      {
        "title": "MS03-032",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms03-032.mspx"
      },
      {
        "title": "MS03-020",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms03-020.mspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000168"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0344"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.eeye.com/html/research/advisories/ad20030604.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.kb.cert.org/vuls/id/679556"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/7806"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/8943"
      },
      {
        "trust": 1.6,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a922"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-july/006401.html"
      },
      {
        "trust": 0.9,
        "url": "http://www.eeye.com/html/research/advisories/ad20030723.html"
      },
      {
        "trust": 0.9,
        "url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;819696"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssh.com/txt/buffer.adv"
      },
      {
        "trust": 0.8,
        "url": "http://www.mindrot.org/pipermail/openssh-unix-announce/2003-september/000062.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssh/files/patch-buffer.c"
      },
      {
        "trust": 0.8,
        "url": "http://www.secunia.com/advisories/10156/"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms03-039.asp"
      },
      {
        "trust": 0.8,
        "url": "http://www.xfocus.org/advisories/200307/4.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms03-030.asp"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/windows/ie/downloads/critical/818529/default.asp"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/security/security_bulletins/ms03-020.asp"
      },
      {
        "trust": 0.8,
        "url": "http://www.secunia.com/advisories/8943/"
      },
      {
        "trust": 0.8,
        "url": "http://www.lac.co.jp/security/english/snsadv_e/68_e.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms03-032.asp"
      },
      {
        "trust": 0.8,
        "url": "http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/object.asp"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/12970"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0344"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0344"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-020.asp"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-032.asp"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/334928"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/813208"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/324265"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/323895"
      },
      {
        "trust": 0.3,
        "url": "http://www.cert.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cert.org/cert_pgp.key"
      },
      {
        "trust": 0.2,
        "url": "http://www.kb.cert.org/vuls/id/561284"
      },
      {
        "trust": 0.2,
        "url": "http://www.kb.cert.org/vuls/id/326746"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/265232"
      },
      {
        "trust": 0.1,
        "url": "http://microsoft.com/technet/security/bulletin/ms03-030.asp"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2003-18.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/summaries/cs-2003-04.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/412478"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/333628"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/567620"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/104280"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/686224"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/575892"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/732952"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/989932"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/current/archive/2003/09/19/archive.html#swena"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/summaries/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/stats/cert_stats.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/784980"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/training/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/838572"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/967668"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/current/current_activity.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2003-28.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2003-27.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.cert.org/contact_cert/encryptmail.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/incident_notes/in-2003-04.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/435444"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2003-26.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2003-24.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2003-25.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2003-23.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/935264"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/467036"
      },
      {
        "trust": 0.1,
        "url": "https://www.cert.org/pgp/cert_pgp_key.asc"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/255484"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/865940"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/380864"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/congressional_testimony"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/422156"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/csirts/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/254236"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/483492"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2003-19.html"
      },
      {
        "trust": 0.1,
        "url": "http://microsoft.com/technet/security/bulletin/ms03-026.asp"
      },
      {
        "trust": 0.1,
        "url": "http://support.microsoft.com?kbid=823980"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#333628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#813208"
      },
      {
        "db": "CERT/CC",
        "id": "VU#326746"
      },
      {
        "db": "CERT/CC",
        "id": "VU#561284"
      },
      {
        "db": "CERT/CC",
        "id": "VU#679556"
      },
      {
        "db": "CERT/CC",
        "id": "VU#334928"
      },
      {
        "db": "BID",
        "id": "7806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000168"
      },
      {
        "db": "PACKETSTORM",
        "id": "31444"
      },
      {
        "db": "PACKETSTORM",
        "id": "32268"
      },
      {
        "db": "PACKETSTORM",
        "id": "31490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-069"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0344"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#333628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#813208"
      },
      {
        "db": "CERT/CC",
        "id": "VU#326746"
      },
      {
        "db": "CERT/CC",
        "id": "VU#561284"
      },
      {
        "db": "CERT/CC",
        "id": "VU#679556"
      },
      {
        "db": "CERT/CC",
        "id": "VU#334928"
      },
      {
        "db": "BID",
        "id": "7806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000168"
      },
      {
        "db": "PACKETSTORM",
        "id": "31444"
      },
      {
        "db": "PACKETSTORM",
        "id": "32268"
      },
      {
        "db": "PACKETSTORM",
        "id": "31490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-069"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0344"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-09-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#333628"
      },
      {
        "date": "2003-08-26T00:00:00",
        "db": "CERT/CC",
        "id": "VU#813208"
      },
      {
        "date": "2003-07-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#326746"
      },
      {
        "date": "2003-07-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#561284"
      },
      {
        "date": "2003-06-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#679556"
      },
      {
        "date": "2003-08-26T00:00:00",
        "db": "CERT/CC",
        "id": "VU#334928"
      },
      {
        "date": "2003-06-04T00:00:00",
        "db": "BID",
        "id": "7806"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000168"
      },
      {
        "date": "2003-07-28T00:43:46",
        "db": "PACKETSTORM",
        "id": "31444"
      },
      {
        "date": "2003-11-25T05:25:51",
        "db": "PACKETSTORM",
        "id": "32268"
      },
      {
        "date": "2003-08-05T18:53:20",
        "db": "PACKETSTORM",
        "id": "31490"
      },
      {
        "date": "2003-06-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200306-069"
      },
      {
        "date": "2003-06-16T04:00:00",
        "db": "NVD",
        "id": "CVE-2003-0344"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#333628"
      },
      {
        "date": "2003-09-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#813208"
      },
      {
        "date": "2003-09-10T00:00:00",
        "db": "CERT/CC",
        "id": "VU#326746"
      },
      {
        "date": "2003-07-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#561284"
      },
      {
        "date": "2003-06-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#679556"
      },
      {
        "date": "2005-08-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#334928"
      },
      {
        "date": "2009-07-11T22:06:00",
        "db": "BID",
        "id": "7806"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000168"
      },
      {
        "date": "2021-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200306-069"
      },
      {
        "date": "2021-07-23T12:55:00",
        "db": "NVD",
        "id": "CVE-2003-0344"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-069"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSH contains buffer management errors",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#333628"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-069"
      }
    ],
    "trust": 0.6
  }
}

ghsa-8c96-w9m5-2cx3

Vulnerability from github

Published

2022-04-29 01:26

Modified

2022-04-29 01:26

Details

Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0344"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-06-16T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.",
  "id": "GHSA-8c96-w9m5-2cx3",
  "modified": "2022-04-29T01:26:16Z",
  "published": "2022-04-29T01:26:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0344"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/8943"
    },
    {
      "type": "WEB",
      "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/679556"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2003-0344

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.

Aliases

CVE-2003-0344

Aliases

CVE-2003-0344

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0344",
    "description": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.",
    "id": "GSD-2003-0344",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2003-0344"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0344"
      ],
      "details": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.",
      "id": "GSD-2003-0344",
      "modified": "2023-12-13T01:22:12.832210Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0344",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20030604 Internet Explorer Object Type Property Overflow",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
          },
          {
            "name": "8943",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/8943"
          },
          {
            "name": "oval:org.mitre.oval:def:922",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
          },
          {
            "name": "20030709 IE Object Type Overflow Exploit",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
          },
          {
            "name": "MS03-020",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
          },
          {
            "name": "AD20030604",
            "refsource": "EEYE",
            "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
          },
          {
            "name": "VU#679556",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/679556"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0344"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "AD20030604",
              "refsource": "EEYE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
            },
            {
              "name": "20030709 IE Object Type Overflow Exploit",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
            },
            {
              "name": "VU#679556",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/679556"
            },
            {
              "name": "8943",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/8943"
            },
            {
              "name": "20030604 Internet Explorer Object Type Property Overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:922",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
            },
            {
              "name": "MS03-020",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-07-23T12:55Z",
      "publishedDate": "2003-06-16T04:00Z"
    }
  }
}

CVE-2003-0344

Vulnerability from fkie_nvd

Published

2003-06-16 04:00

Modified

2024-11-20 23:44

Severity ?

Summary

Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=105476381609135&w=2
cve@mitre.org	http://secunia.com/advisories/8943
cve@mitre.org	http://www.eeye.com/html/Research/Advisories/AD20030604.html	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/679556	US Government Resource
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=105476381609135&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/8943
af854a3a-2127-422b-91ae-364da2661108	http://www.eeye.com/html/Research/Advisories/AD20030604.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/679556	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922

Impacted products

Vendor	Product	Version
microsoft	ie	6.0
microsoft	internet_explorer	5.01
microsoft	internet_explorer	5.5
microsoft	internet_explorer	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
              "matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Microsoft Internet Explorer 5.01, 5.5, y 6.0 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante un caracter \"/\" (barra inclinada) en la propiedad Type de un tag Object en una p\u00e1gina web."
    }
  ],
  "id": "CVE-2003-0344",
  "lastModified": "2024-11-20T23:44:31.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-06-16T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/8943"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/679556"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/8943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/679556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2003-0344

Vulnerability from cvelistv5

var-200306-0042

Vulnerability from variot

ghsa-8c96-w9m5-2cx3

Vulnerability from github

gsd-2003-0344

Vulnerability from gsd

CVE-2003-0344

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature