oval:org.mitre.oval:def:2343

Definition Id: oval:org.mitre.oval:def:2343

Oval ID:	oval:org.mitre.oval:def:2343
Title:	Windows XP RPCSS DCOM Buffer Overflow (Blaster, Test 2)
Description:	Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0352	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Distributed Component Object Model (DCOM)
Definition Synopsis:
Software section Windows XP 32-bit OR Windows XP 64-bit is installed Windows XP 32-bit edition is installed Windows XP is installed AND 32-Bit version of Windows is installed OR Windows XP 64-bit Windows XP is installed AND a version of Windows for the ia64 architecture is installed AND A vulnerable version of rpcrt4.dll exists depending on service pack level no service pack is installed and rpcrt4.dll is less than 5.1.2600.109 NOT Win2K/XP/2003 is patched AND the version of rpcrt4.dll is less than 5.1.2600.109 AND SP1 is installed and the version of rpcrt4.dll is less than 5.1.2600.1254 Win2K/XP/2003 service pack 1 is installed AND the version of rpcrt4.dll is less than 5.1.2600.1254 AND the patch kb824146 is installed (Hotfix key) AND Configuration section DCOM is enabled