返回 CVE 瀏覽器

CVE-2003-0118

HIGH

7.5

CVSS Severity Score

EPSS Score0.0780%

EPSS Percentile39.97th

Published2003年5月12日

Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Affected Platforms (CPE)

📦

Microsoft

Biztalk Server

= 2000

📦

Microsoft

Biztalk Server

= 2000

📦

Microsoft

Biztalk Server

= 2000

📦

Microsoft

Biztalk Server

= 2000

📦

Microsoft

Biztalk Server

= 2000

📦

Microsoft

Biztalk Server

= 2000

📦

Microsoft

Biztalk Server

= 2000

📦

Microsoft

Biztalk Server

= 2000

📦

Microsoft

Biztalk Server

= 2000

📦

Microsoft

Biztalk Server

= 2002

📦

Microsoft

Biztalk Server

= 2002

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=105216839231951&w=2

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016

🔗 http://marc.info/?l=bugtraq&m=105216839231951&w=2

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016

相關漏洞威脅

CVE-2007-09409.3

Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft ...

CVE-2009-15349.3

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP...

CVE-2012-01588.8

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Micros...

CVE-2003-01177.5

Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to ...