{"api_version":"1","generated_at":"2026-07-10T04:21:34+00:00","cve":"CVE-2003-0533","urls":{"html":"https://cve.report/CVE-2003-0533","api":"https://cve.report/api/cve/CVE-2003-0533.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2003-0533","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2003-0533"},"summary":{"title":"CVE-2003-0533","description":"Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-06-01 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A919","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A919","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020069.html","name":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020069.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Full-Disclosure] EEYE: Windows Local Security Authority Service Remote Buffer Overflow","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A883","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A883","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA04-104A.html","name":"http://www.us-cert.gov/cas/techalerts/TA04-104A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=108325860431471&w=2","name":"http://marc.info/?l=bugtraq&m=108325860431471&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC)' - MARC","mime":"text/x-c","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ciac.org/ciac/bulletins/o-114.shtml","name":"http://www.ciac.org/ciac/bulletins/o-114.shtml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS04-011 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A898","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A898","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/10108","name":"http://www.securityfocus.com/bid/10108","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Windows LSASS Buffer Overrun Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.eeye.com/html/Research/Advisories/AD20040413C.html","name":"http://www.eeye.com/html/Research/Advisories/AD20040413C.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"BeyondTrust | Privileged Access Management, Cyber Security, and Remote Access (formerly Bomgar) | BeyondTrust","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/15699","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/15699","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/753212","name":"http://www.kb.cert.org/vuls/id/753212","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","US Government Resource"],"title":"US-CERT Vulnerability Note VU#753212","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2003-0533","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2003-0533","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2003","cve_id":"533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"netmeeting","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2000","cpe6":"*","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2000","cpe6":"*","cpe7":"sp4","cpe8":"*","cpe9":"fr","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"r2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_98","cpe6":"*","cpe7":"gold","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_me","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_nt","cpe6":"4.0","cpe7":"sp6a","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"sp1","cpe8":"tablet_pc","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T01:58:11.206Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20040413 EEYE: Windows Local Security Authority Service Remote Buffer Overflow","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020069.html"},{"name":"O-114","tags":["third-party-advisory","government-resource","x_refsource_CIAC","x_transferred"],"url":"http://www.ciac.org/ciac/bulletins/o-114.shtml"},{"name":"AD20040413C","tags":["third-party-advisory","x_refsource_EEYE","x_transferred"],"url":"http://www.eeye.com/html/Research/Advisories/AD20040413C.html"},{"name":"win-lsass-bo(15699)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/15699"},{"name":"oval:org.mitre.oval:def:919","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A919"},{"name":"MS04-011","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011"},{"name":"oval:org.mitre.oval:def:898","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A898"},{"name":"oval:org.mitre.oval:def:883","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A883"},{"name":"TA04-104A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA04-104A.html"},{"name":"20040429 MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC)","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=108325860431471&w=2"},{"name":"10108","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/10108"},{"name":"VU#753212","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/753212"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-04-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20040413 EEYE: Windows Local Security Authority Service Remote Buffer Overflow","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020069.html"},{"name":"O-114","tags":["third-party-advisory","government-resource","x_refsource_CIAC"],"url":"http://www.ciac.org/ciac/bulletins/o-114.shtml"},{"name":"AD20040413C","tags":["third-party-advisory","x_refsource_EEYE"],"url":"http://www.eeye.com/html/Research/Advisories/AD20040413C.html"},{"name":"win-lsass-bo(15699)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/15699"},{"name":"oval:org.mitre.oval:def:919","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A919"},{"name":"MS04-011","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011"},{"name":"oval:org.mitre.oval:def:898","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A898"},{"name":"oval:org.mitre.oval:def:883","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A883"},{"name":"TA04-104A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA04-104A.html"},{"name":"20040429 MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC)","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=108325860431471&w=2"},{"name":"10108","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/10108"},{"name":"VU#753212","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/753212"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2003-0533","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20040413 EEYE: Windows Local Security Authority Service Remote Buffer Overflow","refsource":"FULLDISC","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020069.html"},{"name":"O-114","refsource":"CIAC","url":"http://www.ciac.org/ciac/bulletins/o-114.shtml"},{"name":"AD20040413C","refsource":"EEYE","url":"http://www.eeye.com/html/Research/Advisories/AD20040413C.html"},{"name":"win-lsass-bo(15699)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/15699"},{"name":"oval:org.mitre.oval:def:919","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A919"},{"name":"MS04-011","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011"},{"name":"oval:org.mitre.oval:def:898","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A898"},{"name":"oval:org.mitre.oval:def:883","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A883"},{"name":"TA04-104A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA04-104A.html"},{"name":"20040429 MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC)","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=108325860431471&w=2"},{"name":"10108","refsource":"BID","url":"http://www.securityfocus.com/bid/10108"},{"name":"VU#753212","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/753212"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2003-0533","datePublished":"2004-04-16T04:00:00.000Z","dateReserved":"2003-07-08T00:00:00.000Z","dateUpdated":"2024-08-08T01:58:11.206Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-06-01 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:netmeeting:*:*:*:*:*:*:*:*","matchCriteriaId":"C85E1F3F-1839-4EB9-BF31-E29194F596CA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*","matchCriteriaId":"4E8B7346-F2AA-434C-A048-7463EC1BB117"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*","matchCriteriaId":"330B6798-5380-44AD-9B52-DF5955FA832C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*","matchCriteriaId":"4E7FD818-322D-4089-A644-360C33943D29"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*","matchCriteriaId":"2D3B703C-79B2-4FA2-9E12-713AB977A880"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*","matchCriteriaId":"799DA395-C7F8-477C-8BC7-5B4B88FB7503"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*","matchCriteriaId":"14F55877-A759-4C8A-84D5-70508E449799"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*","matchCriteriaId":"B9687E6C-EDE9-42E4-93D0-C4144FEC917A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2003","CveId":"533","Ordinal":"1","Title":"CVE-2003-0533","CVE":"CVE-2003-0533","Year":"2003"},"notes":[{"CveYear":"2003","CveId":"533","Ordinal":"1","NoteData":"Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.","Type":"Description","Title":"CVE-2003-0533"},{"CveYear":"2003","CveId":"533","Ordinal":"2","NoteData":"2004-04-16","Type":"Other","Title":"Published"},{"CveYear":"2003","CveId":"533","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}