Nexpose Vulnerability Database
Windows DCE-RPC Denial Of Service
Severity |
CVSS |
Published |
Added |
Modified |
|---|---|---|---|---|
| Severe (7) | 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C) | Nov 1, 2004 | Nov 1, 2004 | Jan 28, 2011 |
Description:
The Windows DCE-RPC service that listens on TCP port 135 can be crashed if certain malformed packets are sent to it. This causes a system-wide denial of service because DCE-RPC is necessary to perform many local functions. In some cases, depending on the just-in-time debugger settings on the remote machine, this attack will simply cause an exception dialog box to be displayed on the remote machine rather than disabling the service completely. The service may continue to serve new requests in this case.
Solution:
Microsoft Windows 2000 Professional, Microsoft Windows 2000 Datacenter Server, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server
Install Microsoft service pack Windows 2000 Service Pack 4
Download and apply the upgrade from: http://support.microsoft.com/sp
Information on these pages is summary information extracted from the Nexpose Vulnerabilty Assessment system. Full details are provided within the Nexpose product for licensed users.
