VDB
CVE-2003-0352
CVE-2003-0352
PUBLISHED
CVSS 7.5 HIGH
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
EPSS 91.14% · 99.7th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
91.14%
99.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | windows_xp | |
| microsoft | windows_2000 | |
| n/a | n/a | n/a, n/a |
| microsoft | windows_nt | 4.0, 4.0, 4.0 |
| microsoft | windows_2003_server | r2, standard, web |
Timeline
- CVE Published
- Sep 7, 2007 VulnCheck KEV Exploitation
- Sep 23, 2010 PoC Published
- Jan 11, 2011 PoC Published
- Jun 20, 2017 VulnCheck KEV Exploitation
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
References
- win-rpc-dcom-bo(12629) vdb
- CA-2003-16 third-party-advisory
- oval:org.mitre.oval:def:296 vdb
- 8205 vdb
- 20030730 rpcdcom Universal offsets mailing-list
- 20030725 The Analysis of LSD's Buffer Overrun in Windows RPC Interface(code revised ) mailing-list
- 20030726 Re: The French BUGTRAQ (New Win RPC Exploit) mailing-list
- oval:org.mitre.oval:def:194 vdb
- VU#568148 third-party-advisory
- 20030716 [LSD] Critical security vulnerability in Microsoft Operating Systems mailing-list
- MS03-026 vendor-advisory
- CA-2003-19 third-party-advisory
- http://www.xfocus.org/documents/200307/2.html url
- oval:org.mitre.oval:def:2343 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2003-0352 advisory