MS-RPC: DCE-RPC Null Pointer Dereference

This signature detects attempts to exploit a known flaw in Microsoft Windows 2000 DCE-RPC service. A successful attack can result in a denial-of-service condition.

Extended Description

The Microsoft Windows RPC service contains a flaw that may allow a remote attacker to cause a denial of service. By sending a specifically malformed packet to TCP port 135, the RPC service will be disabled. This vulnerability was originally reported to only affect Windows 2000. Microsoft has confirmed that Windows NT 4.0 and XP are also vulnerable. It has been reported that installation of the provided patch will cause some problems in IIS environments. Specifically, users who are using COM+ in IIS environments may experience problems with ASP transactions. A variant of this issue has been reported which allegedly affects patched systems. It is apparently possible to trigger this variant by flooding a system with malformed packets.

Affected Products

Microsoft windows_nt_terminal_server

Short Name
MS-RPC:DCERPC-DOS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
MS-RPC
Keywords
CVE-2002-1561 DCE-RPC Dereference Null Pointer bid:6005
Release Date
05/08/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Microsoft

CVSS Score

5.0

Found a potential security threat?