VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 17, 2003· Updated Jun 16, 2026

CVE-2003-0659

CVE-2003-0659

Description

Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

50
  • Microsoft/Windows 20005 versions
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • Microsoft/Windows Server 20036 versions
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*+ 5 more
    • cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • Microsoft/Windows Nt32 versions
    cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*+ 31 more
    • cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*
    • (no CPE)range: through Server 2003
  • Microsoft/Windows Xp7 versions
    cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*+ 6 more
    • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

9

News mentions

0

No linked articles in our index yet.