Vulnerability Note VU#417052
Microsoft RPCSS Service contains memory leak in handling of specially crafted messages
Microsoft RPCSS Service contains a memory management vulnerability that may permit a remote attacker to cause a denial-of-service situation.
The Microsoft RPCSS Service is responsible for managing Remote Procedure Call (RPC) messages and is enabled by default on many versions of Microsoft Windows. When the service receives a request from the DCOM/RPC interface to allocate memory, the size of the memory to be allocated is user-specified. A failure to check the size of the requested allocation and to reclaim discarded memory may lead to a resource exhaustion and cause a denial of service condition. The following systems are affected:
For more infomation please see Microsoft Security Bulletin MS04-012 and eEye Digital Security Advisory [AD20040413A].
A remote attacker can consume all available memory causing a denial-of-service condition.
Apply a patch from the vendor
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||14 Apr 2004|
CVSS Metrics (Learn More)
Thanks to Microsoft and eEye Digital Security for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: CAN-2004-0116
- Date Public: 13 Apr 2004
- Date First Published: 14 Apr 2004
- Date Last Updated: 14 Apr 2004
- Severity Metric: 3.80
- Document Revision: 3
If you have feedback, comments, or additional information about this vulnerability, please send us email.