Buffer Overflow Vulnerability in Microsoft Windows LSASS Service
CVE-2003-0533

Currently unrated

Key Information:

Vendor: Microsoft
Status: Netmeeting
Vendor: CVE Published:; 1 June 2004

What is CVE-2003-0533?

A stack-based buffer overflow exists in the Local Security Authority Subsystem Service (LSASS) of Microsoft Windows systems, including Windows NT and Windows 2000 editions. It arises from improper handling of packets that generate excessive debug entries in the DCPROMO.LOG file. This overflow can enable remote attackers to execute arbitrary code, leading to potential unauthorized access and control of affected systems, exemplified by exploitation techniques used in the Sasser worm.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2004-A...

mailing-listx_refsource_FULLDISC

http://www.ciac.org/ciac/bulletins/o-114.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

http://www.eeye.com/html/Research/Advisories/AD20040413C....

third-party-advisoryx_refsource_EEYE

EPSS Score

88% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2004
Vulnerability Reserved
Jul 8, 2003