Vulnerability Name:

CVE-2003-0813 (CCN-13426)

Assigned:2003-10-14
Published:2003-10-14
Updated:2019-04-30
Summary:A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2003-0813

Source: FULLDISC
Type: UNKNOWN
20031010 Re : [VERY] BAD news on RPC DCOM Exploit

Source: FULLDISC
Type: UNKNOWN
20031010 Re: Bad news on RPC DCOM vulnerability

Source: FULLDISC
Type: UNKNOWN
20031011 Bad news on RPC DCOM2 vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20031010 Bad news on RPC DCOM vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20031011 RE: Bad news on RPC DCOM vulnerability

Source: NTBUGTRAQ
Type: UNKNOWN
20031010 Bad news on RPC DCOM vulnerability

Source: CCN
Type: CIAC Information Bulletin O-115
Microsoft Cumulative Update for RPC/DCOM

Source: CCN
Type: US-CERT VU#547820
Microsoft Windows DCOM/RPC vulnerability

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#547820

Source: CCN
Type: Microsoft Security Bulletin MS04-012
Cumulative Update for Microsoft RPC/DCOM (828741)

Source: CCN
Type: Microsoft Security Bulletin MS05-051
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

Source: CCN
Type: Microsoft Security Bulletin MS06-018
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)

Source: BID
Type: UNKNOWN
8811

Source: CCN
Type: BID-8811
Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability

Source: MISC
Type: UNKNOWN
http://www.securitylab.ru/_exploits/rpc2.c.txt

Source: CERT
Type: US Government Resource
TA04-104A

Source: CCN
Type: Internet Security Systems Security Advisory, October 14, 2003
Microsoft RPC Race Condition Denial of Service

Source: ISS
Type: Patch, Vendor Advisory
20031014 Microsoft RPC Race Condition Denial of Service

Source: CCN
Type: Internet Security Systems Security Alert, April 13, 2004
Multiple Vulnerabilities in Microsoft Products

Source: MS
Type: UNKNOWN
MS04-012

Source: XF
Type: UNKNOWN
win-rpc-race-condition(13426)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:893

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:894

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:900

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:workstation:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:workstation:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:workstation:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:workstation:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:workstation:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:workstation:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:workstation:*:x86:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:900
    V
    		Windows XP RPCSS DCOM Buffer Overflow (Blaster)
    2015-08-10
    oval:org.mitre.oval:def:894
    V
    		Server 2003 RPCSS DCOM Buffer Overflow
    2014-07-14
    oval:org.mitre.oval:def:893
    V
    		Windows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 3)
    2004-06-16
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows 2003 server enterprise
    microsoft windows 2003 server enterprise_64-bit
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2
    microsoft windows 2003 server standard
    microsoft windows 2003 server web
    microsoft windows nt 4.0
    microsoft windows nt 4.0
    microsoft windows nt 4.0
    microsoft windows nt 4.0
    microsoft windows nt 4.0 sp1
    microsoft windows nt 4.0 sp1
    microsoft windows nt 4.0 sp1
    microsoft windows nt 4.0 sp1
    microsoft windows nt 4.0 sp2
    microsoft windows nt 4.0 sp2
    microsoft windows nt 4.0 sp2
    microsoft windows nt 4.0 sp2
    microsoft windows nt 4.0 sp3
    microsoft windows nt 4.0 sp3
    microsoft windows nt 4.0 sp3
    microsoft windows nt 4.0 sp3
    microsoft windows nt 4.0 sp4
    microsoft windows nt 4.0 sp4
    microsoft windows nt 4.0 sp4
    microsoft windows nt 4.0 sp4
    microsoft windows nt 4.0 sp5
    microsoft windows nt 4.0 sp5
    microsoft windows nt 4.0 sp5
    microsoft windows nt 4.0 sp5
    microsoft windows nt 4.0 sp6
    microsoft windows nt 4.0 sp6
    microsoft windows nt 4.0 sp6
    microsoft windows nt 4.0 sp6
    microsoft windows nt 4.0 sp6a
    microsoft windows nt 4.0 sp6a
    microsoft windows nt 4.0 sp6a
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows 2000 *
    microsoft windows xp