Vulnerability Name:

CVE-2003-0812 (CCN-13639)

Assigned:2003-11-11
Published:2003-11-11
Updated:2019-04-30
Summary:Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Nov 11 2003 - 14:34:31 CST
Windows Workstation Service Remote Buffer Overflow

Source: CCN
Type: Core Security Technologies Advisory CORE-2003-12-05
DCE RPC Vulnerabilities New Attack Vectors Analysis

Source: MITRE
Type: CNA
CVE-2003-0812

Source: BUGTRAQ
Type: UNKNOWN
20031111 EEYE: Windows Workstation Service Remote Buffer Overflow

Source: BUGTRAQ
Type: UNKNOWN
20031112 Proof of concept for Windows Workstation Service overflow

Source: CCN
Type: CERT Advisory CA-2003-28
Buffer Overflow in Windows Workstation Service

Source: CERT
Type: US Government Resource
CA-2003-28

Source: CCN
Type: CIAC Information Bulletin O-004
Microsoft Buffer Overrun in Messenger Service Could Allow Code Execution

Source: CCN
Type: CIAC Information Bulletin O-022
Microsoft Buffer Overrun Vulnerability in Workstation Service

Source: CCN
Type: Cisco Systems Inc. Security Advisory, 2004 January 29 18:00 UTC (GMT
Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)

Source: CISCO
Type: UNKNOWN
20040129 Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)

Source: CCN
Type: US-CERT VU#567620
Microsoft Windows Workstation service vulnerable to buffer overflow when sent specially crafted network message

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#567620

Source: CCN
Type: Microsoft Security Bulletin MS03-043
Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

Source: CCN
Type: Microsoft Security Bulletin MS03-049
Buffer Overrun in the Workstation Service Could Allow Code Execution

Source: CCN
Type: Microsoft Security Bulletin MS06-070
Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)

Source: BID
Type: Exploit, Patch, Vendor Advisory
9011

Source: CCN
Type: BID-9011
Microsoft Windows Workstation Service Remote Buffer Overflow Vulnerability

Source: CCN
Type: Internet Security Systems Security Alert, November 11, 2003
Microsoft Workstation Service Buffer Overflow

Source: MS
Type: UNKNOWN
MS03-049

Source: XF
Type: UNKNOWN
win-workstation-bo(13639)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:331

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:575

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:*:x64:*:*:*:*:*
  • AND
  • cpe:/o:cisco:conference_connection:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:internet_service_node:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_callmanager:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ip_contact_center_express:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:emergency_responder:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:331
    V
    		Windows XP Workstation Service Logging Function Buffer Overflow
    2011-10-03
    oval:org.mitre.oval:def:575
    V
    		Windows 2000 Workstation Service Logging Function Buffer Overflow
    2011-10-03
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp
    microsoft windows 2000 - sp2
    microsoft windows 2000 - sp3
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows xp -
    cisco conference connection -
    cisco internet service node *
    cisco unified callmanager -
    cisco ip contact center express *
    cisco personal assistant -
    cisco emergency responder -