Microsoft SSL library PCT buffer overflow

Added: 10/13/2006
CVE: CVE-2003-0719
BID: 10116
OSVDB: 5250


The Microsoft Secure Sockets Layer (SSL) library provides support for a number of secure communication protocols, including the Private Communication Technology (PCT) protocol. Since PCT has been superceded by SSL 3.0, the Microsoft SSL library supports it for backwards compatibility only. The Microsoft SSL library is used by many applications, including Microsoft Internet Information Services (IIS).


A buffer overflow in the Microsoft SSL library when handling the PCT protocol allows remote attackers to execute arbitrary commands by sending a specially crafted message to an application which uses SSL.


Apply the patch referenced in Microsoft Security Bulletin 04-011.



Exploit works on Microsoft IIS 5.0 and 5.1.


Windows 2000
Windows XP

Back to exploit index