CVE-2003-0659

Windows NT-Server 2003 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0659. PoCs published by xCrZx, Brett Moore.

AI-analyzed exploit summary This is a functional local exploit for CVE-2003-0659 targeting a buffer overflow vulnerability in Windows ListBox/ComboBox controls. It uses a bind shell payload to achieve remote code execution by manipulating message handling in vulnerable applications.

Description

Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.

Exploits (2)

exploitdb WORKING POC VERIFIED
by xCrZx · clocalwindows
https://www.exploit-db.com/exploits/122

This is a functional local exploit for CVE-2003-0659 targeting a buffer overflow vulnerability in Windows ListBox/ComboBox controls. It uses a bind shell payload to achieve remote code execution by manipulating message handling in vulnerable applications.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Windows ListBox/ComboBox controls (affects various Windows versions including XP)
No auth needed
Prerequisites: Vulnerable application with ListBox/ComboBox controls · Knowledge of target window handles
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Brett Moore · c++localwindows
https://www.exploit-db.com/exploits/23255

This exploit demonstrates a local buffer overflow vulnerability in an undisclosed User32.dll function used by ListBox or ComboBox controls. The code creates a window with a ListBox control, which can be manipulated to trigger the overflow when specific Windows messages are sent.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Windows (User32.dll)
No auth needed
Prerequisites: Local access to the target system · Presence of a privileged application using ListBox or ComboBox controls
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A201
US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2003-27.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13424
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8827
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106631999907035&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A340
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/967668
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=106632111408343&w=2

Scores

EPSS 0.0357
EPSS Percentile 88.0%

Details

Status published
Products (8)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server enterprise
microsoft/windows_2003_server enterprise_64-bit
microsoft/windows_2003_server r2 (2 CPE variants)
microsoft/windows_2003_server standard
microsoft/windows_2003_server web
microsoft/windows_nt 4.0 (31 CPE variants)
microsoft/windows_xp (7 CPE variants)
Published Nov 17, 2003
Tracked Since Feb 18, 2026