Summary
The remote host is vulnerable to a flaw in ntdll.dll which may allow an attacker to gain system privileges, by exploiting it thru, for instance, WebDAV in IIS5.0 (other services could be exploited, locally and/or remotely)
Note : Microsoft recommends (quoted from advisory) that:
If you have not already applied the MS03-007 patch from this bulletin, Microsoft recommends you apply the MS03-013 patch as it also corrects an additional vulnerability.
Solution
see http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx or http://www.microsoft.com/technet/security/bulletin/MS03-013.mspx
Severity
Classification
-
CVE CVE-2003-0109 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
- Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)
- Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
- Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)