National Cyber-Alert System
Vulnerability Summary: CVE-2003-0533
Orirignal release date: 2004-06-01
Source: US-CERT/NIST

Overview

    Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.

Impact

    CVSS Severity: 7 (High)
    Range: remote
    Authentication: input buffer="1"
    Impact Type: sec_prot other="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Windows XP (Microsoft)
    Windows 98 (Microsoft)
    Windows 2000 (Microsoft)
    Windows Server 2003 (Microsoft)
    NetMeeting (Microsoft)
    Windows NT (Microsoft)
    Windows ME (Microsoft)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0533