Summary
A vulnerability exists because the ListBox and ComboBox controls both call a function in User32.dll that contains a buffer overrun. An attacker who is able to log on to a system interactively could run a program that sends a specially crafted Windows message to any application that implements the ListBox or ComboBox control, causing the application to take any action the attacker specifies. The attacker must have valid logon credentials to exploit the vulnerability. It cannot be exploited remotely.
Solution
See http://www.microsoft.com/technet/security/bulletin/ms03-045.mspx
Severity
Classification
- CVE: CVE-2003-0659
- CVSS Base Score: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
- Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)