|
|
|
Vulnerability Note VU#417052Microsoft RPCSS Service contains memory leak in handling of specially crafted messagesOverviewMicrosoft RPCSS Service contains a memory management vulnerability that may permit a remote attacker to cause a denial-of-service situation.I. DescriptionThe Microsoft RPCSS Service is responsible for managing Remote Procedure Call (RPC) messages and is enabled by default on many versions of Microsoft Windows. When the service receives a request from the DCOM/RPC interface to allocate memory, the size of the memory to be allocated is user-specified. A failure to check the size of the requested allocation and to reclaim discarded memory may lead to a resource exhaustion and cause a denial of service condition. The following systems are affected:
For more infomation please see Microsoft Security Bulletin MS04-012 and eEye Digital Security Advisory [AD20040413A]. II. ImpactA remote attacker can consume all available memory causing a denial-of-service condition.III. SolutionApply a patch from the vendor
References
Thanks to Microsoft and eEye Digital Security for reporting this vulnerability. This document was written by Jason A Rafail.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||
Get Adobe Reader