Rapid7 Vulnerability & Exploit Database

Microsoft DCE-RPC Buffer Overflow Vulnerability

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Microsoft DCE-RPC Buffer Overflow Vulnerability

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

08/18/2003

Created

07/25/2018

Added

11/01/2004

Modified

03/18/2014

Description

Your system may require one or more security patches or hotfixes from Microsoft.

Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions. There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on TCP/IP port 135. This interface handles DCOM object activation requests that are sent by client machines (such as Universal Naming Convention (UNC) paths) to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges. To exploit this vulnerability, an attacker would need to send a specially formed request to the remote computer on port 135.

For more information, see http://www.microsoft.com/technet/security/bulletin/FQ03-026.asp.

Solution(s)

install-microsoft-patch-e40a765e027d931f8aa97f3f46dd3cd1
install-microsoft-patch-19c8259be42a65b4a4028278ea9ed166
install-microsoft-patch-3372bea9608be76042683d40af7a5bdb
WINDOWS-HOTFIX-MS03-026-c07daeae-e305-4955-95ab-4d318831a111
WINDOWS-HOTFIX-MS03-026-55703c2c-76e8-4e56-967e-5eff9cc9b9d7
WINDOWS-HOTFIX-MS03-026-d07d1e4c-f4f7-4cc4-b5fd-4a99c196829f

References

https://attackerkb.com/topics/cve-2003-0352
8205
CA-2003-16
CA-2003-19
568148
CVE - 2003-0352
MS03-026
OVAL194
OVAL2343
OVAL296
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
http://marc.theaimsgroup.com/?l=bugtraq&m=105838687731618&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=105914789527294&w=2
http://www.xfocus.org/documents/200307/2.html
12629

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft DCE-RPC Buffer Overflow Vulnerability

Microsoft DCE-RPC Buffer Overflow Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Success! Thank you for submission. We will be in touch shortly.

Submit your information and we will get in touch with you.