CVE-2003-0717

Messenger Service - Buffer Overflow

Title source: llm

Description

The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

Exploits (4)

exploitdb WORKING POC VERIFIED

by VeNoMouS · cdoswindows

https://www.exploit-db.com/exploits/385

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by MrNice · cremotewindows

https://www.exploit-db.com/exploits/135

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Adik · cremotewindows

https://www.exploit-db.com/exploits/23247

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by LSD-PLaNET · cdoswindows

https://www.exploit-db.com/exploits/111

View Code ZIP pw:eip

References (8)

[Mailing List] http://marc.info/?l=bugtraq&m=106666713812158&w=2

[Mailing List] http://marc.info/?l=ntbugtraq&m=106632188709562&w=2

[US Government Resource] http://www.cert.org/advisories/CA-2003-27.html

[Patch, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/575892

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/8826

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-043

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A213

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A268

Scores

EPSS 0.8576

EPSS Percentile 99.4%

Details

Status published

Products (9)

microsoft/windows_2000 (5 CPE variants)

microsoft/windows_2003_server enterprise

microsoft/windows_2003_server enterprise_64-bit

microsoft/windows_2003_server r2 (2 CPE variants)

microsoft/windows_2003_server standard

microsoft/windows_2003_server web

microsoft/windows_me

microsoft/windows_nt 4.0 (31 CPE variants)

microsoft/windows_xp (5 CPE variants)

Published Nov 17, 2003

Tracked Since Feb 18, 2026