Detections
Analytics
MS03-043: Buffer Overrun in Messenger Service (828035) (uncredentialed check)
critical Nessus Plugin ID 11890
Language:
Synopsis
Arbitrary code can be executed on the remote host.Description
A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system or could cause the Messenger Service to fail.Disabling the Messenger Service will prevent the possibility of attack.
This plugin actually tests for the presence of this flaw.
Solution
Microsoft has released a set of patches for Windows NT, 2000, XP and 2003.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2003/ms03-043
Plugin Details
Severity: Critical
ID: 11890
File Name: messenger_ms03-043.nasl
Version: 1.50
Type: remote
Agent: windows
Family: Windows
Published: 10/16/2003
Updated: 3/6/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 10/15/2003
Reference Information
CVE: CVE-2003-0717
BID: 8826
MSFT: MS03-043
MSKB: 828035