Info

Disclosure

May 30, 2003

Discovery

Apr 24, 2003

Dates

Exploit

May 30, 2003

Solution

Unknown

Description

Windows servers with WebDAV enabled contain a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to the ntdll.dll component of the WebDAV not properly sanitizing input to a path conversion function. If an attacker sends a specially crafted request to this function, they may be able to execute arbitrary code with SYSTEM privileges.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: OSVDB Verified, Discovered in the Wild

Solution

Microsoft has released a patch to address this vulnerability. It is also possible to correct the flaw by implementing the following workarounds): 1. Disable IIS if not required 2. Disable WebDav if not required

Products

Microsoft Corporation	Windows	2000
		NT 4.0
		NT 4.0 Terminal Server Edition
		XP

References

Exploit Database: 1 2 36 51
Milw0rm: 1 2 36 51
ISS X-Force ID: 11533
CERT VU: 117394
CVE ID: 2003-0109 (see also: NVD)
Microsoft Knowledge Base Article: 241520
Metasploit ID: 4467
Bugtraq ID: 7116
CERT: CA-2003-09
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0005.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0144.html
News Article: http://www.infoworld.com/article/03/03/17/HNmsiisflaw_1.html
http://www.infoworld.com/article/03/03/18/HNarmy_1.html
Other Advisory URL: http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029
Generic Exploit URL: http://www.metasploit.com
Generic Informational URL: http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
Microsoft Security Bulletin: MS03-007
CIAC Advisory: n-054

Credit

Operash - nesuminsofthome.net - Personal Page

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

References

Credit