CVE-2003-0306

Windows XP - Buffer Overflow via Long .ShellClassInfo Parameter in desktop.ini

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0306. PoCs published by einstein.

AI-analyzed exploit summary This exploit targets CVE-2003-0306, a buffer overflow vulnerability in Windows Shell (desktop.ini parsing). It crafts a malicious desktop.ini file with a long path and shellcode to achieve remote code execution via a crafted URL.

Description

Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by einstein · clocalwindows

https://www.exploit-db.com/exploits/32

View Code ZIP pw:eip

This exploit targets CVE-2003-0306, a buffer overflow vulnerability in Windows Shell (desktop.ini parsing). It crafts a malicious desktop.ini file with a long path and shellcode to achieve remote code execution via a crafted URL.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows Shell (Windows XP SP1)

No auth needed

Prerequisites: Access to write files on the target system · Target system running Windows XP SP1

MITRE ATT&CK