Vulnerability Note VU#568148
Microsoft Windows RPC vulnerable to buffer overflow
A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. An exploit for this vulnerability is publicly available.
Microsoft describes their implementation of the RPC protocol as, "a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions."
A buffer overflow has been discovered in Microsoft's RPC implementation. Quoting from Microsoft Security Bulletin MS03-026:
A remote attacker could exploit this vulnerability to execute arbitrary code with System Privileges or cause a denial of service.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||16 Jul 2003|
|Nortel Networks, Inc.||Affected||17 Jul 2003||02 Aug 2003|
CVSS Metrics (Learn More)
This document was written by Ian A Finlay and Damon G. Morda.
- CVE IDs: CVE-2003-0352
- CERT Advisory: CA-2003-16
- Date Public: 16 Jul 2003
- Date First Published: 16 Jul 2003
- Date Last Updated: 19 Dec 2007
- Severity Metric: 78.75
- Document Revision: 27
If you have feedback, comments, or additional information about this vulnerability, please send us email.