Oval Definition:oval:org.mitre.oval:def:201
Revision Date:2011-05-16Version:51
Title:Windows XP ComboBox/ListBox GUI Widget User32.dll Buffer Overflow
Description:Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2003-0659
Platform(s):Microsoft Windows XP
Product(s):
Definition Synopsis
  • Software section
  • a vulnerable version of user32.dll exists
  • no service pack is installed and user32.dll is less than 5.1.2600.118
  • NOT Win2K/XP/2003 is patched
  • AND the version of user32.dll is less than 5.1.2600.118
  • OR service pack 1 is installed and user32.dll is less than 5.1.2600.1255
  • Win2K/XP/2003/Vista service pack 1 is installed
  • AND the version of user32.dll is less than 5.1.2600.1255
  • AND NOT the patch kb824141 is installed (Hotfix key)
  • AND Windows XP (sp1 or earlier) is installed
  • Windows XP is installed
  • AND NOT Win2K/XP/2003 service pack 2 (or later) is installed
  • AND NOT the patch kb891711 is installed
  • AND Configuration section
  • the utility manager Service is enabled
    • BACK