Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:3CED7F0FB39545F37A89E82E6EE810D6
HistoryOct 13, 2006 - 12:00 a.m.

Microsoft SSL library PCT buffer overflow

2006-10-1300:00:00
SAINT Corporation
download.saintcorporation.com
17

EPSS

0.958

Percentile

99.4%

JSON

Added: 10/13/2006
CVE: CVE-2003-0719
BID: 10116
OSVDB: 5250

Background

The Microsoft Secure Sockets Layer (SSL) library provides support for a number of secure communication protocols, including the Private Communication Technology (PCT) protocol. Since PCT has been superceded by SSL 3.0, the Microsoft SSL library supports it for backwards compatibility only. The Microsoft SSL library is used by many applications, including Microsoft Internet Information Services (IIS).

Problem

A buffer overflow in the Microsoft SSL library when handling the PCT protocol allows remote attackers to execute arbitrary commands by sending a specially crafted message to an application which uses SSL.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 04-011.

References

<http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx&gt;
<http://www.kb.cert.org/vuls/id/586540&gt;

Limitations

Exploit works on Microsoft IIS 5.0 and 5.1.

Platforms

Windows 2000
Windows XP

Related

cve 1
canvas 1
cert 1
saint 3
cvelist 1
packetstorm 1
checkpoint_advisories 4
nvd 1
nessus 1
openvas 1
securityvulns 2
cve
cve
CVE-2003-0719
2004-06-01 04:00:00
canvas
canvas
Immunity Canvas: MS04_011_SSLPCT
2004-06-01 04:00:00
cert
cert
Microsoft Private Communication Technology (PCT) fails to properly validate message inputs
2004-04-14 00:00:00
saint
saint
Microsoft SSL library PCT buffer overflow
2006-10-13 00:00:00
Microsoft SSL library PCT buffer overflow
2006-10-13 00:00:00
Microsoft SSL library PCT buffer overflow
2006-10-13 00:00:00
cvelist
cvelist
CVE-2003-0719
2004-04-16 04:00:00
packetstorm
packetstorm
Microsoft Private Communications Transport Overflow
2009-11-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SSL Library Private Communications Transport Buffer Overflow - Ver2 (CVE-2003-0719)
2014-12-28 00:00:00
Non Compliant SSL (CVE-2003-0719; CVE-2004-0826)
2013-08-16 00:00:00
SSL - General Settings (CVE-2003-0719; CVE-2004-0826)
2005-02-01 00:00:00
nvd
nvd
CVE-2003-0719
2004-06-01 04:00:00
nessus
nessus
MS04-011: Microsoft Hotfix (credentialed check) (835732)
2004-04-13 00:00:00
openvas
openvas
Microsoft Windows MS04-011 Security Check
2009-03-15 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS04-011
2004-04-14 00:00:00
US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products
2004-04-14 00:00:00

EPSS

0.958

Percentile

99.4%

JSON
Related for SAINT:3CED7F0FB39545F37A89E82E6EE810D6
cve1canvas1cert1saint3cvelist1packetstorm1checkpoint_advisories4nvd1nessus1openvas1securityvulns2