Oval Definition:oval:org.mitre.oval:def:127
Revision Date:2011-05-16Version:47
Title:RPCSS DCOM Buffer Overflow (Windows 2000)
Description:Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2003-0528
Platform(s):Microsoft Windows 2000
Product(s):Remote Procedure Call (RPC)
Definition Synopsis
  • Software section
  • Windows 2000 is installed
  • AND the version of rpcrt4.dll is less than 5.0.2195.6802
  • AND NOT the patch kb824146 is installed (Hotfix key)
  • AND Configuration section
  • DCOM is enabled on systems with SP3 or later
  • Win2K/XP/2003 service pack 3 (or later) is installed
  • AND DCOM is enabled
  • BACK