CVE-2003-0109
EXPLOITED
Windows 2000 - Remote Code Execution via WebDAV Request
Title source: llm
Exploitation Summary
CVE-2003-0109 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 10 public exploits from researchers including Metasploit, Schizoprenic, and alumni; among them is the Metasploit module exploits/windows/iis/ms03_007_ntdll_webdav.
AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in NTDLL.dll on Windows 2000 via the SEARCH WebDAV method in IIS 5.0. It uses a long URL to trigger the overflow and includes multiple return addresses for brute-forcing.
Description
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
Exploits (10)
This Metasploit module exploits a buffer overflow in NTDLL.dll on Windows 2000 via the SEARCH WebDAV method in IIS 5.0. It uses a long URL to trigger the overflow and includes multiple return addresses for brute-forcing.
This exploit targets a buffer overflow vulnerability in IIS 5.0 WebDAV (CVE-2003-0109) by sending a maliciously crafted XML request. It includes shellcode to spawn a reverse shell on port 31337, leveraging a known NTDLL.DLL overflow.
This exploit targets CVE-2003-0109, a buffer overflow vulnerability in Microsoft IIS WebDAV. It crafts a malicious HTTP SEARCH request with embedded shellcode to spawn a reverse shell on port 32768.
The writeup describes a vulnerability in the ntdll.dll function 'RtlDosPathNameToNtPathName_U' which lacks sufficient bounds checking. This vulnerability can be exploited through programs like WebDAV in IIS 5.0, allowing remote attackers to execute arbitrary code.
This exploit generates a malicious .reg file that triggers a buffer overflow in regedit.exe via an unchecked ReadFile() function, leading to arbitrary code execution. The payload downloads and executes a specified URL, demonstrating a remote code execution (RCE) vulnerability.
This exploit targets a buffer overflow vulnerability in IIS 5.0 WebDAV (CVE-2003-0109) by sending a maliciously crafted HTTP SEARCH request. It uses a Unicode conversion flaw to overwrite the return address and execute shellcode, binding a cmd.exe shell to a specified port.
This exploit targets a buffer overflow vulnerability in the `RtlDosPathNameToNtPathName_U` function in `ntdll.dll` via WebDAV in IIS 5.0. It uses a Unicode decoder scheme and self-modifying shellcode to execute arbitrary commands (e.g., adding a user).
This exploit targets a buffer overflow vulnerability in ntdll.dll through WebDAV on IIS servers. It uses a reverse shell shellcode and requires manual padding adjustments to achieve successful exploitation.
The writeup describes a vulnerability in the ntdll.dll function 'RtlDosPathNameToNtPathName_U' which lacks sufficient bounds checking. This can be exploited remotely via WebDAV in IIS 5.0 or through other attack vectors in programs using the library.
This Metasploit module exploits a buffer overflow in NTDLL.dll on Windows 2000 through the SEARCH WebDAV method in IIS 5.0. It targets multiple Windows 2000 versions (SP0-SP3) and delivers a reverse shell payload.