Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0605

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0605
Last Modified 10 Sep 2008 03:19:49
Published 27 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0605

Summary

The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000


References

CERT-VN - VU#326746

CERT - CA-2003-23

CERT - CA-2003-19

MS - MS03-039

BUGTRAQ - 20030720 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability

FULLDISC - 20030721 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability


Last Updated: 27 May 2016 10:37:58