CVE-2003-0812

Windows Workstation Service - Buffer Overflow

Exploitation Summary

EIP tracks 5 public exploits for CVE-2003-0812. PoCs published by Metasploit, fiNis, snooq, including Metasploit module exploits/windows/smb/ms03_049_netapi.

AI-analyzed exploit summary: This is a Metasploit module exploiting a stack buffer overflow in the NetApi32 NetAddAlternateComputerName function via the Workstation service in Windows XP. It leverages a maliciously crafted Unicode string to achieve remote code execution.

Description

Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16378

This is a Metasploit module exploiting a stack buffer overflow in the NetApi32 NetAddAlternateComputerName function via the Workstation service in Windows XP. It leverages a maliciously crafted Unicode string to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows XP SP0/SP1
Auth required
Prerequisites: Network access to target · Valid SMB credentials · Workstation service accessible
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by fiNis · c · remote · windows
https://www.exploit-db.com/exploits/130

This exploit targets CVE-2003-0812, a buffer overflow in the Windows Workstation Service (NetAddAlternateComputerName). It sends a crafted RPC request to trigger the vulnerability and execute a bind shell on port 9191.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows XP (various service packs, Russian versions)
No auth needed
Prerequisites: Network access to target · Target must have vulnerable Workstation Service exposed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by snooq · c · remote · windows
https://www.exploit-db.com/exploits/123

This is a functional exploit for CVE-2003-0812 targeting the WKSSVC (Workstation Service) vulnerability in Windows 2000. It includes shellcode for both bind and reverse shells, leveraging a buffer overflow to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Windows 2000 (en) SP1/SP4
No auth needed
Prerequisites: Network access to target · Vulnerable WKSSVC service exposed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by eEYe · c · remote · windows
https://www.exploit-db.com/exploits/119

This exploit targets CVE-2003-0812 (MS03-049) in Windows 2000 SP4 by leveraging a buffer overflow in the NetValidateName function. It uses a port-binding shellcode (5555) and a crafted buffer to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows 2000 SP4
No auth needed
Prerequisites: Network access to target · Target running Windows 2000 SP4 with FAT32 filesystem
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by hdm · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms03_049_netapi.rb

This Metasploit module exploits a stack buffer overflow in the NetApi32 NetAddAlternateComputerName function via the Workstation service in Windows XP. It constructs a malicious DCERPC request with a long string to trigger the overflow and execute arbitrary payloads.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows XP SP0/SP1
Auth required
Prerequisites: Network access to target · Valid SMB credentials
devstral-2 · analyzed Feb 19, 2026

References (9)

Core References
Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9011
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106859247713009&w=2
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/567620
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106865197102041&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A331
US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2003-28.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A575

Scores

EPSS 0.8105
EPSS Percentile 99.6%

Details

Status published
Products (2)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_xp (6 CPE variants)
Published Dec 15, 2003
Tracked Since Feb 18, 2026