Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0813

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2003-0813
Last Modified 10 Sep 2008 03:20:31
Published 17 Nov 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2003-0813

Summary

A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp


References

CERT-VN - VU#547820

CERT - TA04-104A

ISS - 20031014 Microsoft RPC Race Condition Denial of Service

MISC - http://www.securitylab.ru/_exploits/rpc2.c.txt

BUGTRAQ - 20031010 Bad news on RPC DCOM vulnerability

FULLDISC - 20031011 Bad news on RPC DCOM2 vulnerability

FULLDISC - 20031010 Re: Bad news on RPC DCOM vulnerability

FULLDISC - 20031010 Re : [VERY] BAD news on RPC DCOM Exploit

BID - 8811

MS - MS04-012

BUGTRAQ - 20031011 RE: Bad news on RPC DCOM vulnerability


Last Updated: 27 May 2016 10:38:04