MS03-043: Buffer Overrun in Messenger Service (828035) (uncredentialed check)

This script is Copyright (C) 2003-2017 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host.

Description :

A security vulnerability exists in the Messenger Service that could allow
arbitrary code execution on an affected system. An attacker who successfully
exploited this vulnerability could be able to run code with Local System
privileges on an affected system or could cause the Messenger Service to fail.
Disabling the Messenger Service will prevent the possibility of attack.

This plugin actually tests for the presence of this flaw.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms03-043

Solution :

Microsoft has released a set of patches for Windows NT, 2000, XP and
2003.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 11890 ()

Bugtraq ID: 8826

CVE ID: CVE-2003-0717

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now