CVE-2003-0659

Name of the Vulnerable Software and Affected Versions: Windows NT through Server 2003

Description: A buffer overflow issue exists in the User32.dll on Windows, allowing local users to execute arbitrary code. This can be achieved by sending long LB DIR messages to ListBox or CB DIR messages to ComboBox controls in a privileged application.

Recommendations: For Windows NT through Server 2003, consider restricting access to privileged applications that utilize ListBox or ComboBox controls to minimize the risk of exploitation. As a temporary workaround, avoid using the LB DIR and CB DIR messages in these controls until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.