Vulnerabilities > CVE-2003-0715 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 48 |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS03-026.NASL description The remote host is running a version of Windows affected by several vulnerabilities in its RPC interface and RPCSS Service, that could allow an attacker to execute arbitrary code and gain SYSTEM privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 11790 published 2003-07-17 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11790 title MS03-026 / MS03-039: Buffer Overrun In RPCSS Service Could Allow Code Execution (823980 / 824146) NASL family Windows NASL id MSRPC_DCOM2.NASL description The remote host is running a version of Windows that has a flaw in its RPC interface, which may allow an attacker to execute arbitrary code and gain SYSTEM privileges. An attacker or a worm could use it to gain the control of this host. Note that this is NOT the same bug as the one described in MS03-026, which fixes the flaw exploited by the last seen 2020-06-01 modified 2020-06-02 plugin id 11835 published 2003-09-10 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11835 title MS03-039: Microsoft RPC Interface Buffer Overrun (824146) (uncredentialed check)
Oval
accepted 2005-03-09T07:56:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation description Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. family windows id oval:org.mitre.oval:def:1202 status accepted submitted 2005-01-18T12:00:00.000-04:00 title Windows Server 2003 (64-bit) RPCSS DCOM Buffer Overflow (Blaster) version 66 accepted 2011-05-16T04:01:53.390-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. family windows id oval:org.mitre.oval:def:1813 status accepted submitted 2005-01-18T12:00:00.000-04:00 title Windows XP (32-bit, SP1) RPCSS DCOM Buffer Overflow (Blaster) version 69 accepted 2005-06-29T06:49:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc.
description Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. family windows id oval:org.mitre.oval:def:20 status deprecated submitted 2004-11-02T12:00:00.000-04:00 title Suppressed OVAL20 version 65 accepted 2011-05-16T04:02:34.353-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. family windows id oval:org.mitre.oval:def:264 status accepted submitted 2003-12-03T12:00:00.000-04:00 title Windows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 1) version 70 accepted 2005-03-09T07:56:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation description Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. family windows id oval:org.mitre.oval:def:4224 status accepted submitted 2005-01-18T12:00:00.000-04:00 title Windows XP (32-bit) RPCSS DCOM Buffer Overflow (Blaster) version 65
References
- http://marc.info/?l=bugtraq&m=106322856608909&w=2
- http://www.cert.org/advisories/CA-2003-23.html
- http://www.kb.cert.org/vuls/id/483492
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1202
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1813
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A20
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A264
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4224