CVE-2003-0719 : Buffer overflow in the Private Communications Transport (PCT) protocol implement

Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.

Published 2004-06-01 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2003-0719

Microsoft » Windows Nt » Version: 4.0 Update Sp6a
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP4 Language FR
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP2
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Netmeeting
cpe:2.3:a:microsoft:netmeeting:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 98 » Update Gold
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP1 Tablet Pc Edition
cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
Matching versions
Microsoft » Windows Me
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2003-0719

EPSS FAQ

70.97%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2003-0719

MS04-011 Microsoft Private Communications Transport Overflow

Disclosure Date: 2004-04-13

First seen: 2020-04-26

exploit/windows/ssl/ms04_011_pct

This module exploits a buffer overflow in the Microsoft Windows SSL PCT protocol stack. This code is based on Johnny Cyberpunk's THC release and has been tested against Windows 2000 and Windows XP. To use this module, specify the remote port of any SSL serv

More information

CVSS scores for CVE-2003-0719

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2003-0719

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A889

404 Not Found
http://www.securityfocus.com/archive/1/361836

Patch;Vendor Advisory
http://xforce.iss.net/xforce/alerts/id/168

Patch;Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A951

404 Not Found
http://www.us-cert.gov/cas/techalerts/TA04-104A.html

Page Not Found | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1093

404 Not Found
http://www.kb.cert.org/vuls/id/586540

Patch;Third Party Advisory;US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A903
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011

Microsoft Security Bulletin MS04-011 - Critical | Microsoft Learn

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2003-0719

Products affected by CVE-2003-0719

Exploit prediction scoring system (EPSS) score for CVE-2003-0719

Metasploit modules for CVE-2003-0719

MS04-011 Microsoft Private Communications Transport Overflow

CVSS scores for CVE-2003-0719

References for CVE-2003-0719