CVE-2003-0659

Windows NT-Server 2003 - Buffer Overflow

Title source: llm

Description

Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.

Exploits (2)

exploitdb WORKING POC VERIFIED
by xCrZx · clocalwindows
https://www.exploit-db.com/exploits/122
exploitdb WORKING POC VERIFIED
by Brett Moore · c++localwindows
https://www.exploit-db.com/exploits/23255

References (9)

Scores

EPSS 0.0357
EPSS Percentile 87.7%

Details

Status published
Products (8)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server enterprise
microsoft/windows_2003_server enterprise_64-bit
microsoft/windows_2003_server r2 (2 CPE variants)
microsoft/windows_2003_server standard
microsoft/windows_2003_server web
microsoft/windows_nt 4.0 (31 CPE variants)
microsoft/windows_xp (7 CPE variants)
Published Nov 17, 2003
Tracked Since Feb 18, 2026