Details of VAR-200303-0063

ID

VAR-200303-0063

CVE

CVE-2003-0109

TITLE

Buffer Overflow in Core Microsoft Windows DLL

Trust: 0.8

sources: CERT/CC: VU#117394

DESCRIPTION

Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0. This vulnerability, which is being actively exploited on WebDAV-enabled IIS 5.0 servers, will allow a remote attacker to execute arbitrary code on unpatched systems. Sites running Microsoft Windows should apply a patch or disable WebDAV services as soon as possible. The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function "RtlDosPathNameToNtPathName_U" and may be exploited through other programs that use the library if an attack vector permits it. One of these programs is the implementation of WebDAV that ships with IIS 5.0. Several other library functions which call the vulnerable ntdll.dll procedure have been identified. Administrators are advised to patch as other attack vectors are likely to surface. Windows XP does not also include WebDAV by default, but other attack vectors may be possible, especially in cases where the attacker has interactive access to the system. WebDAV may be installed by a user on Windows XP with IIS 5.1, so WebDAV may be a possible means of exploitation in these circumstances. ** Reports suggest that numerous hosts have been scanned in an attempt to exploit this vulnerability. Although unconfirmed, this may be the result of a system of automated attacks. ** It has been reported that this vulnerability is also present in the "RtlGetFullPathName_U" function. The supplied Microsoft patch (Q815021) also corrects this function. ** It has been reported that the W32.Welchia.Worm, described in MCID 1811, is actively exploiting this vulnerability

Trust: 2.61

sources: NVD: CVE-2003-0109 // CERT/CC: VU#117394 // JVNDB: JVNDB-2003-000088 // BID: 7116

AFFECTED PRODUCTS

vendor:	microsoft	model:	windows 2000	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	windows 2000 terminal services	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.8
vendor:	microsoft	model:	windows 2000	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	windows nt	scope:	eq	version:	4.0 (server)	Trust: 0.8
vendor:	microsoft	model:	windows nt	scope:	eq	version:	4.0 (terminal_srv)	Trust: 0.8
vendor:	microsoft	model:	windows xp	scope:	eq	version:	sp3	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1	Trust: 0.6
vendor:	microsoft	model:	windows 2000	scope:	eq	version:	sp3	Trust: 0.6
vendor:	microsoft	model:	windows 2000 terminal services	scope:	-	version:	-	Trust: 0.6
vendor:	microsoft	model:	windows 2000 terminal services	scope:	eq	version:	sp1	Trust: 0.6
vendor:	microsoft	model:	windows 2000 terminal services	scope:	eq	version:	sp2	Trust: 0.6
vendor:	microsoft	model:	windows 2000 terminal services	scope:	eq	version:	sp3	Trust: 0.6
vendor:	microsoft	model:	windows 2000	scope:	eq	version:	sp2	Trust: 0.6
vendor:	microsoft	model:	windows xp professional sp1	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp professional	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp home sp1	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp home	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp 64-bit edition sp1	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp 64-bit edition	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp6a	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp6a	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp6a	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows terminal services sp3	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows terminal services sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows terminal services sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows terminal services	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server sp3	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional sp3	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server sp3	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server sp3	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server	scope:	eq	version:	2000	Trust: 0.3
vendor:	cisco	model:	wireless lan solution engine	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	vpn/security management solution	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	voice manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	user registration tool	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	uone enterprise edition	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	2.46	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	2.4	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	unity server	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	transport manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	trailhead	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-3.3.2-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-3.3.1-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-3.2.2-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-3.2.1-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-2.5.1-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-2-3.3.2-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-2-3.3.1-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1.3	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(7)	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(5)	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(4)	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(3)	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(2)	Trust: 0.3
vendor:	cisco	model:	small network management solution	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	service management	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	secure scanner	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	secure policy manager	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	cisco	model:	routed wan management	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	qos policy manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	networking services for active directory	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	network registar	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	media blender	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	lan management solution	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ip/vc video rate matching module	scope:	eq	version:	3540	Trust: 0.3
vendor:	cisco	model:	ip/vc application server	scope:	eq	version:	3540	Trust: 0.3
vendor:	cisco	model:	ip telephony environment monitor	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ip contact center express	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ip contact center enterprise	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	internet service node	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	intelligent contact manager	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	intelligent contact manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	emergency responder	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	e-mail manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	dynamic content adapter	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	docsis cpe configurator	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	customer response application server	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	conference connection	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	collaboration server	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks vpn/security management solution	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3(3)	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1(2)	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	building broadband service manager hotspot	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	building broadband service manager	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	building broadband service manager	scope:	eq	version:	5.1	Trust: 0.3
vendor:	cisco	model:	broadband troubleshooter	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.2(1.20)	Trust: 0.3

sources: CERT/CC: VU#117394 // BID: 7116 // JVNDB: JVNDB-2003-000088 // CNNVD: CNNVD-200303-079 // NVD: CVE-2003-0109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0109
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#117394
value:	78.00
Trust: 0.8
NVD:	CVE-2003-0109
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200303-079
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2003-0109
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: CERT/CC: VU#117394 // JVNDB: JVNDB-2003-000088 // CNNVD: CNNVD-200303-079 // NVD: CVE-2003-0109

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0109

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-079

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 7116 // CNNVD: CNNVD-200303-079

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000088

PATCH

title:	MS03-007	url:	http://www.microsoft.com/technet/security/bulletin/MS03-007.asp	Trust: 0.8
title:	MS03-007	url:	http://www.microsoft.com/japan/technet/security/bulletin/MS03-007.mspx	Trust: 0.8

sources: JVNDB: JVNDB-2003-000088

EXTERNAL IDS

db:	NVD	id:	CVE-2003-0109	Trust: 2.7
db:	BID	id:	7116	Trust: 2.7
db:	CERT/CC	id:	VU#117394	Trust: 2.4
db:	JVNDB	id:	JVNDB-2003-000088	Trust: 0.8
db:	BUGTRAQ	id:	20030328 FATE RESEARCH LABS PRESENTS: ANALYSIS OF THE NTDLL.DLL EXPLOIT	Trust: 0.6
db:	BUGTRAQ	id:	20030325 IIS 5.0 WEBDAV -PROOF OF CONCEPT-. FULLY DOCUMENTED.	Trust: 0.6
db:	BUGTRAQ	id:	20030326 WEBDAV EXPLOIT: USING WIDE CHARACTER DECODER SCHEME	Trust: 0.6
db:	BUGTRAQ	id:	20030321 NEW ATTACK VECTORS AND A VULNERABILITY DISSECTION OF MS03-007	Trust: 0.6
db:	BUGTRAQ	id:	20030708 WDAV EXPLOIT WITHOUT NETCAT AND WITH PRETTY MAGIC NUMBER	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:109	Trust: 0.6
db:	ISS	id:	20030317 MICROSOFT IIS WEBDAV REMOTE COMPROMISE VULNERABILITY	Trust: 0.6
db:	CERT/CC	id:	CA-2003-09	Trust: 0.6
db:	MSKB	id:	Q815021	Trust: 0.6
db:	NTBUGTRAQ	id:	20030321 NEW ATTACK VECTORS AND A VULNERABILITY DISSECTION OF MS03-007	Trust: 0.6
db:	MS	id:	MS03-007	Trust: 0.6
db:	XF	id:	11533	Trust: 0.6
db:	CNNVD	id:	CNNVD-200303-079	Trust: 0.6

sources: CERT/CC: VU#117394 // BID: 7116 // JVNDB: JVNDB-2003-000088 // CNNVD: CNNVD-200303-079 // NVD: CVE-2003-0109

REFERENCES

url:	http://microsoft.com/downloads/details.aspx?familyid=c9a38d45-5145-4844-b62e-c69d32ac929b&displaylang=en	Trust: 2.4
url:	http://www.nextgenss.com/papers/ms03-007-ntdll.pdf	Trust: 2.4
url:	http://www.cert.org/advisories/ca-2003-09.html	Trust: 2.4
url:	http://www.securityfocus.com/bid/7116	Trust: 2.4
url:	http://www.iss.net/issen/delivery/xforce/alertdetail.jsp?oid=22029	Trust: 2.4
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-007.asp	Trust: 1.9
url:	http://www.kb.cert.org/vuls/id/117394	Trust: 1.6
url:	http://www.iss.net/security_center/static/11533.php	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=104826476427372&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=104861839130254&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=104869293619064&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=104887148323552&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=105768156625699&w=2	Trust: 1.0
url:	http://marc.info/?l=ntbugtraq&m=104826785731151&w=2	Trust: 1.0
url:	http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq815021	Trust: 1.0
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-007	Trust: 1.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a109	Trust: 1.0
url:	http://www.microsoft.com/windows2000/technologies/web/default.asp	Trust: 0.8
url:	http://www.ietf.org/rfc/rfc2518.txt	Trust: 0.8
url:	http://www.microsoft.com/downloads/release.asp?releaseid=43955	Trust: 0.8
url:	http://support.microsoft.com/default.aspx?scid=kb;en-us;241520	Trust: 0.8
url:	http://support.microsoft.com/default.aspx?scid=kb;%5bln%5d;326444	Trust: 0.8
url:	http://go.microsoft.com/fwlink/?linkid=14875	Trust: 0.8
url:	http://support.microsoft.com/default.aspx?scid=kb;en-us;816930	Trust: 0.8
url:	http://support.microsoft.com/default.aspx?scid=kb;en-us;260694	Trust: 0.8
url:	http://www.lurhq.com/webdav.html	Trust: 0.8
url:	http://www.ciac.org/ciac/bulletins/n-054.shtml	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0109	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20030318iiswebdav.html	Trust: 0.8
url:	http://www.jpcert.or.jp/wr/2003/wr031201.txt	Trust: 0.8
url:	http://www.jpcert.or.jp/wr/2003/wr031701.txt	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2003/at030003.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnca-2003-09	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0109	Trust: 0.8
url:	http://www.symantec.com/region/jp/sarcj/data/w/w32.welchia.b.worm.html	Trust: 0.8
url:	http://www.isskk.co.jp/support/techinfo/general/webdav_iis_xforce.html	Trust: 0.8
url:	http://www.cyberpolice.go.jp/important/20030318_155635.html	Trust: 0.8
url:	http://www.cyberpolice.go.jp/important/20030329_162146.html	Trust: 0.8
url:	http://www.microsoft.com/technet/security/bulletin/ms03-007.asp	Trust: 0.6
url:	http://support.microsoft.com/default.aspx?scid=kb;%5bln%5d;q815021	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=ntbugtraq&m=104826785731151&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=105768156625699&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=104887148323552&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=104869293619064&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=104861839130254&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=104826476427372&w=2	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:109	Trust: 0.6
url:	http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml	Trust: 0.3
url:	http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b241520	Trust: 0.3
url:	http://support.coresecurity.com/impact/exploits/c369522bc8e35de72c8875bfbd218985.html	Trust: 0.3
url:	http://www.securityfocus.com/archive/88/315375	Trust: 0.3
url:	http://www.msnbc.com/news/886524.asp?0cv=cb10	Trust: 0.3
url:	/archive/1/323508	Trust: 0.3
url:	/archive/1/316228	Trust: 0.3
url:	/archive/1/323441	Trust: 0.3
url:	/archive/1/315845	Trust: 0.3
url:	/archive/1/316304	Trust: 0.3

sources: CERT/CC: VU#117394 // BID: 7116 // JVNDB: JVNDB-2003-000088 // CNNVD: CNNVD-200303-079 // NVD: CVE-2003-0109

CREDITS

Microsoft Security Bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200303-079

SOURCES

db:	CERT/CC	id:	VU#117394
db:	BID	id:	7116
db:	JVNDB	id:	JVNDB-2003-000088
db:	CNNVD	id:	CNNVD-200303-079
db:	NVD	id:	CVE-2003-0109

LAST UPDATE DATE

2024-08-14T14:29:34.444000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#117394	date:	2003-05-30T00:00:00
db:	BID	id:	7116	date:	2009-07-11T21:06:00
db:	JVNDB	id:	JVNDB-2003-000088	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200303-079	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0109	date:	2023-11-07T01:56:13.780

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#117394	date:	2003-03-17T00:00:00
db:	BID	id:	7116	date:	2003-03-17T00:00:00
db:	JVNDB	id:	JVNDB-2003-000088	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200303-079	date:	2003-03-31T00:00:00
db:	NVD	id:	CVE-2003-0109	date:	2003-03-31T05:00:00