Executive Summary
Information | |||
---|---|---|---|
Name | MS04-012 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.1 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Cumulative Update for Microsoft RPC/DCOM (828741) |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-27 | Leveraging Race Conditions via Symbolic Links |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1030 | |||
Oval ID: | oval:org.mitre.oval:def:1030 | ||
Title: | Windows Server 2003 COM Internet Services/RPC over HTTP Proxy Component Buffer Overflow | ||
Description: | Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0807 | Version: | 2 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | COM Internet Services |
Definition Id: oval:org.mitre.oval:def:1041 | |||
Oval ID: | oval:org.mitre.oval:def:1041 | ||
Title: | DCOM RPC Object Identity Windows NT Vulnerability | ||
Description: | The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0124 | Version: | 2 |
Platform(s): | Microsoft Windows NT | Product(s): | Remote Procedure Call (RPC) |
Definition Id: oval:org.mitre.oval:def:1062 | |||
Oval ID: | oval:org.mitre.oval:def:1062 | ||
Title: | DCOM RPC Object Identity Windows 2000 Vulnerability | ||
Description: | The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0124 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Remote Procedure Call (RPC) |
Definition Id: oval:org.mitre.oval:def:1066 | |||
Oval ID: | oval:org.mitre.oval:def:1066 | ||
Title: | DCOM RPC Object Identity Windows 2003 Vulnerability | ||
Description: | The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0124 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Remote Procedure Call (RPC) |
Definition Id: oval:org.mitre.oval:def:1072 | |||
Oval ID: | oval:org.mitre.oval:def:1072 | ||
Title: | DCOM RPC Object Identity Windows XP Vulnerability | ||
Description: | The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0124 | Version: | 7 |
Platform(s): | Microsoft Windows XP | Product(s): | Remote Procedure Call (RPC) |
Definition Id: oval:org.mitre.oval:def:893 | |||
Oval ID: | oval:org.mitre.oval:def:893 | ||
Title: | Windows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 3) | ||
Description: | A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0813 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Remote Procedure Call (RPC) |
Definition Id: oval:org.mitre.oval:def:894 | |||
Oval ID: | oval:org.mitre.oval:def:894 | ||
Title: | Server 2003 RPCSS DCOM Buffer Overflow | ||
Description: | A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0813 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Remote Procedure Call (RPC) |
Definition Id: oval:org.mitre.oval:def:900 | |||
Oval ID: | oval:org.mitre.oval:def:900 | ||
Title: | Windows XP RPCSS DCOM Buffer Overflow (Blaster) | ||
Description: | A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0813 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:955 | |||
Oval ID: | oval:org.mitre.oval:def:955 | ||
Title: | Windows 2000 RPCSS Service DCOM Activation Denial of Service | ||
Description: | An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0116 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Remote Procedure Call (RPC) |
Definition Id: oval:org.mitre.oval:def:957 | |||
Oval ID: | oval:org.mitre.oval:def:957 | ||
Title: | Server 2003 RPCSS Service DCOM Activation Denial of Service | ||
Description: | An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0116 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Remote Procedure Call (RPC) |
Definition Id: oval:org.mitre.oval:def:958 | |||
Oval ID: | oval:org.mitre.oval:def:958 | ||
Title: | Windows XP RPCSS Service DCOM Activation Denial of Service | ||
Description: | An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0116 | Version: | 9 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:969 | |||
Oval ID: | oval:org.mitre.oval:def:969 | ||
Title: | Windows NT COM Internet Services/RPC over HTTP Proxy Component Buffer Overflow | ||
Description: | Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0807 | Version: | 3 |
Platform(s): | Microsoft Windows NT | Product(s): | COM Internet Services |
Definition Id: oval:org.mitre.oval:def:995 | |||
Oval ID: | oval:org.mitre.oval:def:995 | ||
Title: | Windows 2000 COM Internet Services/RPC over HTTP Proxy Component Buffer Overflow | ||
Description: | Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0807 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 | Product(s): | COM Internet Services |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-16 | Name : Microsoft RPC Interface Buffer Overrun (KB824146) File : nvt/msrpc_dcom2.nasl |
2005-11-03 | Name : Microsoft RPC Interface Buffer Overrun (823980) File : nvt/msrpc_dcom.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
5247 | Microsoft Windows DCOM RPC Object Identity Information Disclosure: Microsoft Windows contains a flaw that may result in a remote information disclosure. The issue is due to the DCOM RPC interface initiating network communications via an "alter context". If a remote attacker can manipulate the interface to use this feature, the service may start up network communications on additional ports that also leak sensitive data. |
5246 | Microsoft Windows CIS/RPC Over HTTP DoS: Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered due to the COM Internet Service (CIS) and RPC over HTTP Proxy components, which do not properly validate message input. With a specially crafted message, a remote attacker could cause the components to stop responding, resulting in loss of availability. |
5245 | Microsoft Windows RPCSS Large Length Field DoS: Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered due to the handling of RPC DCOM requests. With a specially crafted request containing an overly large value in the length field, a remote attacker could cause the RPCSS service to consume all available memory, resulting in a loss of availability. |
2670 | Microsoft Windows RPC Race Condition DoS: Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted RPC request is received, and will result in loss of availability for the service and/or platform. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | DCERPC NCACN-IP-TCP ISystemActivator RemoteCreateInstance little endian attempt RuleID : 9601 - Revision : 8 - Type : NETBIOS |
2014-01-10 | SMB-DS DCEPRC ORPCThis request flood attempt RuleID : 2496 - Revision : 14 - Type : NETBIOS |
2014-01-10 | SMB DCEPRC ORPCThis request flood attempt RuleID : 2495 - Revision : 14 - Type : NETBIOS |
2014-01-10 | DCEPRC ORPCThis request flood attempt RuleID : 2494 - Revision : 14 - Type : NETBIOS |
2014-01-10 | DCERPC ISystemActivate flood attempt RuleID : 21262 - Revision : 6 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-03-16 | Name : Arbitrary code can be executed on the remote host. File : smb_kb828741.nasl - Type : ACT_GATHER_INFO |
2004-04-13 | Name : Arbitrary code can be executed on the remote host. File : smb_nt_ms04-012.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:44:59 |
|
2014-01-19 21:29:51 |
|