Nexpose Vulnerability Database
Microsoft DCE RPC Denial Of Service
Severity |
CVSS |
Published |
Added |
Modified |
|---|---|---|---|---|
| Critical (10) | 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C) | Nov 1, 2004 | Nov 1, 2004 | Jan 28, 2011 |
Description:
By sending a specially malformed DCE RPC request to certain versions of Microsoft Windows, it is possible to crash the RPC service. If the attacker also possesses a local account on the system, he or she would also be able to elevate privileges by binding to port 135 and spoofing requests.
Solution:
There does not yet exist a patch for this vulnerability.
There does not yet exist a patch for this vulnerability.
Information on these pages is summary information extracted from the Nexpose Vulnerabilty Assessment system. Full details are provided within the Nexpose product for licensed users.
