{"vuid":"VU#967668","idnumber":"967668","name":"Microsoft Windows ListBox and ComboBox controls vulnerable to buffer overflow when supplied crafted Windows message","keywords":["Microsoft","ListBox","ComboBox","buffer overflow","User32.dll","crafted windows message","shatter","Q824141","MS03-045"],"overview":"There is a buffer overflow in a function called by the Microsoft Windows ListBox and ComboBox controls that could allow an attacker to execute arbitrary code with privileges of the process hosting the controls.","clean_desc":"Processes that run on Windows use messages in order to interact with the system and other processes. There is a buffer overflow in a function called by the Microsoft Windows ListBox and ComboBox controls. The function fails to properly validate the parameters that are sent from a crafted Windows Message. This could allow an attacker to execute arbitrary code with privileges of the process hosting the controls.","impact":"A local attacker can execute arbitrary code with privileges of the process hosting the controls, potentially gaining elevated privileges.","resolution":"Apply a patch as described in Microsoft Security Bulletin MS03-045.","workarounds":"","sysaffected":"","thanks":"Thanks to Microsoft for reporting this vulnerability. Microsoft has credited Brett Moore for reporting this vulnerability.","author":"This document was written by Damon Morda based on information contained in Microsoft Security Bulletin MS03-045.","public":["http://www.microsoft.com/technet/security/bulletin/MS03-045.asp","http://support.microsoft.com/default.aspx?kbid=824141","http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/WinUI/WindowsUserInterface/Windowing/MessagesandMessageQueues/AboutMessagesandMessageQueues.asp","http://www.microsoft.com/enable/at/default.aspx"],"cveids":["CVE-2003-0659"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-10-15T19:18:19Z","publicdate":"2003-10-15T00:00:00Z","datefirstpublished":"2003-10-16T18:50:28Z","dateupdated":"2003-10-22T13:35:19Z","revision":18,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"19","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"14.428125","cam_scorecurrentwidelyknown":"18.4359375","cam_scorecurrentwidelyknownexploited":"34.4671875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":14.428125,"vulnote":null}