Signature Detail

MS-RPC: DCOM Remote Activation Attempt

This signature detects attempts to perform Remote Activation on a Windows DCE-RPC enabled system. Attackers can search for and exploit vulnerable systems.

Extended Description

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.

Affected Products

• Microsoft windows_2000 (:advanced_server)
• Microsoft windows_2000 (:datacenter_server)
• Microsoft windows_2000 (:professional)
• Microsoft windows_2000 (:server)
• Microsoft windows_2000 (sp1)
• Microsoft windows_2000 (sp1:advanced_server)
• Microsoft windows_2000 (sp1:datacenter_server)
• Microsoft windows_2000 (sp1:professional)
• Microsoft windows_2000 (sp1:server)
• Microsoft windows_2000 (sp2)
• Microsoft windows_2000 (sp2:advanced_server)
• Microsoft windows_2000 (sp2:datacenter_server)
• Microsoft windows_2000 (sp2:professional)
• Microsoft windows_2000 (sp2:server)
• Microsoft windows_2000 (sp3)
• Microsoft windows_2000 (sp3:advanced_server)
• Microsoft windows_2000 (sp3:datacenter_server)
• Microsoft windows_2000 (sp3:professional)
• Microsoft windows_2000 (sp3:server)
• Microsoft windows_2000 (sp4)
• Microsoft windows_2000 (sp4:advanced_server)
• Microsoft windows_2000 (sp4:datacenter_server)
• Microsoft windows_2000 (sp4:professional)
• Microsoft windows_2000 (sp4:server)
• Microsoft windows_2003_server enterprise
• Microsoft windows_2003_server enterprise (:64-bit)
• Microsoft windows_2003_server enterprise_64-bit
• Microsoft windows_2003_server r2
• Microsoft windows_2003_server r2 (:64-bit)
• Microsoft windows_2003_server r2 (:datacenter_64-bit)
• Microsoft windows_2003_server standard
• Microsoft windows_2003_server standard (:64-bit)
• Microsoft windows_2003_server web
• Microsoft windows_nt 4.0
• Microsoft windows_nt 4.0 (:enterprise_server)
• Microsoft windows_nt 4.0 (:server)
• Microsoft windows_nt 4.0 (sp1)
• Microsoft windows_nt 4.0 (sp1:enterprise_server)
• Microsoft windows_nt 4.0 (sp1:server)
• Microsoft windows_nt 4.0 (sp1:terminal_server)
• Microsoft windows_nt 4.0 (sp1:workstation)
• Microsoft windows_nt 4.0 (sp2)
• Microsoft windows_nt 4.0 (sp2:enterprise_server)
• Microsoft windows_nt 4.0 (sp2:server)
• Microsoft windows_nt 4.0 (sp2:terminal_server)
• Microsoft windows_nt 4.0 (sp2:workstation)
• Microsoft windows_nt 4.0 (sp3)
• Microsoft windows_nt 4.0 (sp3:enterprise_server)
• Microsoft windows_nt 4.0 (sp3:server)
• Microsoft windows_nt 4.0 (sp3:terminal_server)
• Microsoft windows_nt 4.0 (sp3:workstation)
• Microsoft windows_nt 4.0 (sp4)
• Microsoft windows_nt 4.0 (sp4:enterprise_server)
• Microsoft windows_nt 4.0 (sp4:server)
• Microsoft windows_nt 4.0 (sp4:terminal_server)
• Microsoft windows_nt 4.0 (sp4:workstation)
• Microsoft windows_nt 4.0 (sp5)
• Microsoft windows_nt 4.0 (sp5:enterprise_server)
• Microsoft windows_nt 4.0 (sp5:server)
• Microsoft windows_nt 4.0 (sp5:terminal_server)
• Microsoft windows_nt 4.0 (sp5:workstation)
• Microsoft windows_nt 4.0 (sp6)
• Microsoft windows_nt 4.0 (sp6a)
• Microsoft windows_nt 4.0 (sp6a:enterprise_server)
• Microsoft windows_nt 4.0 (sp6a:server)
• Microsoft windows_nt 4.0 (sp6a:terminal_server)
• Microsoft windows_nt 4.0 (sp6a:workstation)
• Microsoft windows_nt 4.0 (sp6:enterprise_server)
• Microsoft windows_nt 4.0 (sp6:server)
• Microsoft windows_nt 4.0 (sp6:terminal_server)
• Microsoft windows_nt 4.0 (sp6:workstation)
• Microsoft windows_nt 4.0 (:terminal_server)
• Microsoft windows_nt 4.0 (:workstation)
• Microsoft windows_xp (:64-bit)
• Microsoft windows_xp (gold)
• Microsoft windows_xp (gold:professional)
• Microsoft windows_xp (:home)
• Microsoft windows_xp (sp1)
• Microsoft windows_xp (sp1:64-bit)
• Microsoft windows_xp (sp1:home)

References

• BugTraq: 8458
• CERT: CA-2003-23
• CVE: CVE-2003-0715
• URL: http://www.microsoft.com/technet/security/bulletin/MS03-039.mspx