CVE-2003-0906

{"id": "CVE-2003-0906", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2004-06-01T04:00:00.000", "references": [{"url": "http://www.kb.cert.org/vuls/id/547028", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10120", "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1064", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A897", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A959", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/547028", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/10120", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1064", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A897", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A959", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el dibujado de los formatos de imagen (1) Windows Metafile (WMF) o (2) Enhanced Metafile (EMF) en Microsoft Windows NT 4.0 SP6a, 2000 SP2 a SP4, y XP SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una imagen WMF o EMF malformada."}], "lastModified": "2024-11-20T23:45:46.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117"}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "vulnerable": true, "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C"}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14F55877-A759-4C8A-84D5-70508E449799"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}