MS03-043: Buffer Overrun in Messenger Service (828035) (uncredentialed check)

Critical Nessus Plugin ID 11890

Synopsis

Arbitrary code can be executed on the remote host.

Description

A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system or could cause the Messenger Service to fail.
Disabling the Messenger Service will prevent the possibility of attack.

This plugin actually tests for the presence of this flaw.

Solution

Microsoft has released a set of patches for Windows NT, 2000, XP and 2003.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2003/ms03-043

Plugin Details

Severity: Critical

ID: 11890

File Name: messenger_ms03-043.nasl

Version: 1.50

Type: remote

Agent: windows

Family: Windows

Published: 2003/10/16

Updated: 2019/03/06

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2003/10/15

Reference Information

CVE: CVE-2003-0717

BID: 8826

MSFT: MS03-043

MSKB: 828035