Microsoft RPCSS Service contains a memory management vulnerability that may permit a remote attacker to cause a denial-of-service situation.
The Microsoft RPCSS Service is responsible for managing Remote Procedure Call (RPC) messages and is enabled by default on many versions of Microsoft Windows. When the service receives a request from the DCOM/RPC interface to allocate memory, the size of the memory to be allocated is user-specified. A failure to check the size of the requested allocation and to reclaim discarded memory may lead to a resource exhaustion and cause a denial of service condition. The following systems are affected:
For more infomation please see Microsoft Security Bulletin MS04-012 and eEye Digital Security Advisory [AD20040413A].
A remote attacker can consume all available memory causing a denial-of-service condition.
Apply a patch from the vendor
Thanks to Microsoft and eEye Digital Security for reporting this vulnerability.
This document was written by Jason A Rafail.
|Date First Published:||2004-04-14|
|Date Last Updated:||2004-04-14 14:52 UTC|