Sign-up

ID

VAR-200312-0215


CVE

CVE-2003-0822


TITLE

Microsoft FrontPage Server Extensions contains denial of service vulnerability in the SmartHTML interpreter

Trust: 0.8

sources: CERT/CC: VU#179012

DESCRIPTION

Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request. It is possible to trigger this condition with a chunked-encoded HTTP POST request

Trust: 3.42

sources: NVD: CVE-2003-0822 // CERT/CC: VU#179012 // CERT/CC: VU#279156 // JVNDB: JVNDB-2003-000338 // BID: 9007 // VULMON: CVE-2003-0822

AFFECTED PRODUCTS

vendor:microsoftmodel: - scope: - version: -

Trust: 1.6

vendor:microsoftmodel:sharepoint team servicesscope:eqversion:2002

Trust: 1.3

vendor:microsoftmodel:frontpage server extensionsscope:eqversion:2002

Trust: 1.3

vendor:microsoftmodel:frontpage server extensionsscope:eqversion:2000

Trust: 1.3

vendor:microsoftmodel:windows xpscope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:windows 2000scope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.1

Trust: 0.8

vendor:microsoftmodel:windows xpscope:eqversion:sp1

Trust: 0.6

vendor:microsoftmodel:windows 2000scope:eqversion:sp3

Trust: 0.6

vendor:microsoftmodel:windows xpscope:eqversion:gold

Trust: 0.6

vendor:microsoftmodel:windows 2000scope:eqversion:sp2

Trust: 0.6

vendor:microsoftmodel:windows xp professional sp1scope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows xp home sp1scope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows xp 64-bit edition sp1scope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows server sp3scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp3scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp3scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp3scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp2scope:eqversion:2000

Trust: 0.3

sources: CERT/CC: VU#179012 // CERT/CC: VU#279156 // BID: 9007 // JVNDB: JVNDB-2003-000338 // CNNVD: CNNVD-200312-061 // NVD: CVE-2003-0822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0822
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#179012
value: 3.09

Trust: 0.8

CARNEGIE MELLON: VU#279156
value: 52.31

Trust: 0.8

NVD: CVE-2003-0822
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200312-061
value: HIGH

Trust: 0.6

VULMON: CVE-2003-0822
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0822
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: CERT/CC: VU#179012 // CERT/CC: VU#279156 // VULMON: CVE-2003-0822 // JVNDB: JVNDB-2003-000338 // CNNVD: CNNVD-200312-061 // NVD: CVE-2003-0822

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0822

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-061

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 9007 // CNNVD: CNNVD-200312-061

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2003-000338

EXPLOIT AVAILABILITY
sources:
            
            
            VULMON: CVE-2003-0822

PATCH
title:MS03-051url:http://www.microsoft.com/technet/security/bulletin/MS03-051.mspx
Trust: 0.8
title:MS03-051url:http://www.microsoft.com/japan/technet/security/bulletin/MS03-051.mspx
Trust: 0.8
title:OSCPurl:https://github.com/H3n2yk/OSCP 
Trust: 0.1
title: - url:https://github.com/rmsbpro/rmsbpro 
Trust: 0.1
title: - url:https://github.com/nitishbadole/oscp-note-2 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2003-0822 // 
            
            
            
            JVNDB: JVNDB-2003-000338

EXTERNAL IDS
db:SECUNIAid:10195
Trust: 3.3
db:CERT/CCid:VU#279156
Trust: 3.3
db:NVDid:CVE-2003-0822
Trust: 2.8
db:BIDid:9007
Trust: 1.2
db:CERT/CCid:VU#179012
Trust: 0.8
db:JVNDBid:JVNDB-2003-000338
Trust: 0.8
db:BUGTRAQid:20031112 FRONTPAGE EXTENSIONS REMOTE COMMAND EXECUTION
Trust: 0.6
db:NTBUGTRAQid:20031112 FRONTPAGE EXTENSIONS REMOTE COMMAND EXECUTION
Trust: 0.6
db:XFid:13674
Trust: 0.6
db:MSid:MS03-051
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:699
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:367
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:366
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:743
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:364
Trust: 0.6
db:CNNVDid:CNNVD-200312-061
Trust: 0.6
db:EXPLOIT-DBid:121
Trust: 0.1
db:VULMONid:CVE-2003-0822
Trust: 0.1
sources:
            
            
            CERT/CC: VU#179012 // 
            
            
            
            CERT/CC: VU#279156 // 
            
            
            
            VULMON: CVE-2003-0822 // 
            
            
            
            BID: 9007 // 
            
            
            
            JVNDB: JVNDB-2003-000338 // 
            
            
            
            CNNVD: CNNVD-200312-061 // 
            
            
            
            NVD: CVE-2003-0822

REFERENCES
url:http://www.kb.cert.org/vuls/id/279156
Trust: 2.6
url:http://www.microsoft.com/technet/security/bulletin/ms03-051.asp
Trust: 2.2
url:http://secunia.com/advisories/10195
Trust: 1.7
url:http://www.secunia.com/advisories/10195/
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=106865318904055&w=2
Trust: 1.1
url:http://marc.info/?l=ntbugtraq&m=106862654906759&w=2
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/13674
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a743
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a699
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a367
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a366
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a364
Trust: 1.1
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051
Trust: 1.1
url:http://www.securityfocus.com/bid/9007
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0822
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0822
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/13674
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=bugtraq&m=106865318904055&w=2
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=ntbugtraq&m=106862654906759&w=2
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:743
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:699
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:367
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:366
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:364
Trust: 0.6
url:http://support.coresecurity.com/impact/exploits/586a3e4e94f399a90e3aedcce093cb86.html
Trust: 0.3
url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-051.asp
Trust: 0.3
url:/archive/1/344221
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/121/
Trust: 0.1
url:https://www.rapid7.com/db/modules/exploit/windows/isapi/ms03_051_fp30reg_chunked
Trust: 0.1
sources:
            
            
            CERT/CC: VU#179012 // 
            
            
            
            CERT/CC: VU#279156 // 
            
            
            
            VULMON: CVE-2003-0822 // 
            
            
            
            BID: 9007 // 
            
            
            
            JVNDB: JVNDB-2003-000338 // 
            
            
            
            CNNVD: CNNVD-200312-061 // 
            
            
            
            NVD: CVE-2003-0822

CREDITS
Microsoft Security Team※ secure@microsoft.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200312-061

SOURCES
db:CERT/CCid:VU#179012
db:CERT/CCid:VU#279156
db:VULMONid:CVE-2003-0822
db:BIDid:9007
db:JVNDBid:JVNDB-2003-000338
db:CNNVDid:CNNVD-200312-061
db:NVDid:CVE-2003-0822

LAST UPDATE DATE
2024-08-14T14:29:29.673000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#179012date:2003-11-14T00:00:00
db:CERT/CCid:VU#279156date:2003-11-14T00:00:00
db:VULMONid:CVE-2003-0822date:2019-04-30T00:00:00
db:BIDid:9007date:2009-07-12T00:56:00
db:JVNDBid:JVNDB-2003-000338date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200312-061date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0822date:2019-04-30T14:27:12.397

SOURCES RELEASE DATE
db:CERT/CCid:VU#179012date:2003-11-14T00:00:00
db:CERT/CCid:VU#279156date:2003-11-12T00:00:00
db:VULMONid:CVE-2003-0822date:2003-12-15T00:00:00
db:BIDid:9007date:2003-11-11T00:00:00
db:JVNDBid:JVNDB-2003-000338date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200312-061date:2003-11-05T00:00:00
db:NVDid:CVE-2003-0822date:2003-12-15T05:00:00