11797 : Microsoft Windows DCOM RPCSS Service DCERPC Packet Overflow
Printer | http://osvdb.org/11797 | Email This | Edit Vulnerability

Views This Week
1

Views All Time
72

Info

Last Modified
10 months ago

Percent Complete
100%

Disclosure
Sep 10, 2003

Discovery
Unknown

Dates

Exploit
Sep 16, 2003

Solution
Unknown

Description

 A remote overflow exists in Windows. The DCOM RPC interface fails to validate DCERPC object activation request packets resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

 Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products
Microsoft Corporation
Watch-list
Windows
Watch-list
 NT 4.0 Workstation
NT 4.0 Server
NT 4.0 Server, Terminal Server Edition
2000
XP
2003 Server

References

Tools & Filters

Nessus

 11790 11835

Snort

 2251 2252 3158 3159 3176 3177 3178 3179 3180 3181 3182 3183 3184 3185 3186 3187 3188 3189 3190 3191 3409 3410 3411 3412 3413 3414 3415 3416 3417 3418 3419 3420 3421 3422 3423 3424 3425 3426 3427 3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 8608 8609 8610 8611 8612 8613 8614 8615 8616 8617 8618 8619 8620 8621 8622 8623 8624 8625 8626 8627 8628 8629 8630 8631 8632 8633 8634 8635 8636 ... and 150 more

Credit
  • Barnaby Jack - infoBrand New Doo DooeEye.com - eEye Digital Security

Blogs

Provided by Technorati

 None found at this time

Comments

Add Comment

No Comments.

DONATE NOW!

User Status

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use