Vulnerability Note VU#261537
Microsoft Windows RPC service vulnerable to DoS via NULL pointer dereference
The RPC service in Microsoft Windows NT 4.0, 2000, and XP can be terminated by a specially crafted RPC message. A remote attacker could cause a denial of service.
According to Microsoft Security Bulletin MS03-010, "Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system."
A vulnerability exists in a part of the RPC service called the RPC Endpoint Mapper. The RPC Endpoint Mapper listens for network requests (135/tcp), provides clients with port numbers for RPC services, and maintains information about RPC connections. According to a report from Immunity Security, vulnerable code in the RPC Endpoint Mapper dereferences a NULL pointer when processing a malformed RPC message.
An unauthenticated, remote attacker could cause the RPC Endpoint Mapper to terminate, denying service to legitimate users. Since the RPC Endpoint Mapper is part of the RPC service, "...exploiting this vulnerability would cause the RPC service to fail, with the attendant loss of any RPC-based services the server offers, as well as potential loss of some COM functions."
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||26 Mar 2003|
CVSS Metrics (Learn More)
This vulnerability was publicly reported by Dave Aitel of Immunity Security.
This document was written by Art A Manion.
- CVE IDs: CAN-2002-1561
- Date Public: 18 Oct 2002
- Date First Published: 26 Mar 2003
- Date Last Updated: 04 Jun 2003
- Severity Metric: 23.69
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.