ntdll.dll buffer overflow via IIS 5.0 WebDAV

Added: 07/18/2006
CVE: CVE-2003-0109
BID: 7116
OSVDB: 4467

Background

The dynamic link library ntdll.dll is a core component of the Windows operating system. It is used by many operating system components including the WebDAV component of Microsoft IIS.

Problem

A buffer overflow in ntdll.dll allows remote attackers to execute arbitrary commands with LocalSystem privileges by sending a long, specially crafted WebDAV request to IIS 5.0.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 03-007.

References

http://www.cert.org/advisories/CA-2003-09.html

Limitations

Exploit works on Windows 2000 running IIS 5.0 web server with WebDAV enabled. Failure may cause the web service to become unresponsive but still remain listening.
Back to exploit index