CyberSec.Space Logo
Back to CVE Browser

CVE-2003-0118

HIGH
7.5
CVSS Severity Score
EPSS Score0.0780%
EPSS Percentile39.97th
PublishedMay 12, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Biztalk Server

= 2000
πŸ“¦
Microsoft

Biztalk Server

= 2000
πŸ“¦
Microsoft

Biztalk Server

= 2000
πŸ“¦
Microsoft

Biztalk Server

= 2000
πŸ“¦
Microsoft

Biztalk Server

= 2000
πŸ“¦
Microsoft

Biztalk Server

= 2000
πŸ“¦
Microsoft

Biztalk Server

= 2000
πŸ“¦
Microsoft

Biztalk Server

= 2000
πŸ“¦
Microsoft

Biztalk Server

= 2000
πŸ“¦
Microsoft

Biztalk Server

= 2002
πŸ“¦
Microsoft

Biztalk Server

= 2002

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=105216839231951&w=2
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016
πŸ”— http://marc.info/?l=bugtraq&m=105216839231951&w=2
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016

Related Vulnerabilities

CVE-2007-09409.3

Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft ...

CVE-2009-15349.3

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP...

CVE-2012-01588.8

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Micros...

CVE-2003-01177.5

Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to ...