ID

VAR-200306-0098


CVE

CVE-2003-0224


TITLE

Buffer overflow vulnerability in SSI page requests in Microsoft IIS

Trust: 0.8

sources: JVNDB: JVNDB-2003-000155

DESCRIPTION

Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun." Microsoft IIS ssinc.dll has been reported prone to a buffer overflow vulnerability. The issue arises from insufficient bounds checking performed on requests for server side includes. This vulnerability was initially described in BID 7728 and is now being assigned its own BID.

Trust: 1.89

sources: NVD: CVE-2003-0224 // JVNDB: JVNDB-2003-000155 // BID: 7734

AFFECTED PRODUCTS

vendor: microsoft, model: internet information services, scope: eq, version: 5.0

Trust: 1.6

vendor: microsoft, model: iis, scope: eq, version: 5.0

Trust: 1.1

vendor: microsoft, model: iis, scope: eq, version: 4.0

Trust: 0.8

vendor: microsoft, model: iis, scope: eq, version: 5.1

Trust: 0.8

vendor: microsoft, model: internet information server, scope: eq, version: 5.0

Trust: 0.6

vendor: microsoft, model: iis, scope: ne, version: 6.0

Trust: 0.3

vendor: microsoft, model: iis, scope: ne, version: 5.1

Trust: 0.3

vendor: microsoft, model: iis, scope: ne, version: 4.0

Trust: 0.3

sources: BID: 7734 // JVNDB: JVNDB-2003-000155 // CNNVD: CNNVD-200306-007 // NVD: CVE-2003-0224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0224
value: HIGH

Trust: 1.0

NVD: CVE-2003-0224
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200306-007
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2003-0224
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2003-000155 // CNNVD: CNNVD-200306-007 // NVD: CVE-2003-0224

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0224

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200306-007

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 7734 // CNNVD: CNNVD-200306-007

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000155

PATCH

title: MS03-018, url: http://www.microsoft.com/technet/security/bulletin/ms03-018.asp

Trust: 0.8

title: MS03-018, url: http://www.microsoft.com/japan/technet/security/bulletin/MS03-018.mspx

Trust: 0.8

sources: JVNDB: JVNDB-2003-000155

EXTERNAL IDS

db: NVD, id: CVE-2003-0224

Trust: 2.7

db: BID, id: 7734

Trust: 1.1

db: JVNDB, id: JVNDB-2003-000155

Trust: 0.8

db: NTBUGTRAQ, id: 20030530 NSFOCUS SA2003-05: MICROSOFT IIS SSINC.DLL OVER-LONG FILENAME BUFFER OVERFLOW VULNERABILITY

Trust: 0.6

db: OVAL, id: OVAL:ORG.MITRE.OVAL:DEF:483

Trust: 0.6

db: MS, id: MS03-018

Trust: 0.6

db: CNNVD, id: CNNVD-200306-007

Trust: 0.6

sources: BID: 7734 // JVNDB: JVNDB-2003-000155 // CNNVD: CNNVD-200306-007 // NVD: CVE-2003-0224

REFERENCES

url:http://marc.info/?l=ntbugtraq&m=105431767100944&w=2

Trust: 1.0

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a483

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0224

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0224

Trust: 0.8

url:http://www.securityfocus.com/bid/7734

Trust: 0.8

url:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105431767100944&w=2

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:483

Trust: 0.6

url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-050.asp

Trust: 0.3

url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-018.asp

Trust: 0.3

url:http://www.nsfocus.com/english/homepage/sa2003-05.htm

Trust: 0.3

sources: BID: 7734 // JVNDB: JVNDB-2003-000155 // CNNVD: CNNVD-200306-007 // NVD: CVE-2003-0224

CREDITS

Nsfocus Security Team※ security@nsfocus.com

Trust: 0.6

sources: CNNVD: CNNVD-200306-007

SOURCES

db: BID, id: 7734
db: JVNDB, id: JVNDB-2003-000155
db: CNNVD, id: CNNVD-200306-007
db: NVD, id: CVE-2003-0224

LAST UPDATE DATE

2024-08-14T15:09:56.449000+00:00


SOURCES UPDATE DATE

db: BID, id: 7734, date: 2009-07-11T22:06:00
db: JVNDB, id: JVNDB-2003-000155, date: 2007-04-01T00:00:00
db: CNNVD, id: CNNVD-200306-007, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2003-0224, date: 2018-10-30T16:25:10.357

SOURCES RELEASE DATE

db: BID, id: 7734, date: 2003-05-28T00:00:00
db: JVNDB, id: JVNDB-2003-000155, date: 2007-04-01T00:00:00
db: CNNVD, id: CNNVD-200306-007, date: 2003-05-27T00:00:00
db: NVD, id: CVE-2003-0224, date: 2003-06-09T04:00:00