MS-RPC: DCOM Remote Activation Attempt
This signature detects attempts to perform Remote Activation on a Windows DCE-RPC enabled system. Attackers can search for and exploit vulnerable systems.
Extended Description
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
Affected Products
Microsoft windows_2000
References
BugTraq: 8458
CVE: CVE-2003-0715
URL: http://www.microsoft.com/technet/security/bulletin/MS03-039.mspx
Short Name
MS-RPC:DCOM:REMACT
Severity
Major
Recommended
False
Recommended Action
None
Category
MS-RPC
Keywords
Activation Attempt CA-2003-23 CVE-2003-0715 DCOM Remote bid:8458
Release Date
08/13/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0