MS-RPC: LSASS Malicious OpCode
This signature detects attempts to exploit a known vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). A successful attack allows attackers to remotely run arbitrary code on the target system. Note: This vulnerability is exploited by many worms.
Extended Description
Microsoft Windows LSASS (Local Security Authority Subsystem Service) is prone to a remotely exploitable buffer overrun vulnerability. The specific vulnerable system component is LSASRV.DLL. Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system, resulting in full system compromise. This issue could be exploited by an anonymous user on Microsoft Windows 2000 and XP operating systems. The issue may reportedly only be exploited by local, authenticated users on Microsoft Windows Server 2003 and Microsoft Windows XP 64-Bit Edition 2003. Microsoft has stated that a local administrator could exploit the issue on these platforms, though this does not appear to pose any additional security risk as the administrator will likely already have complete control over the system.
Affected Products
Avaya s8100_media_servers,Microsoft windows_xp_64-bit_edition_version_2003
References
BugTraq: 10108
CVE: CVE-2003-0533
URL: http://research.eeye.com/html/advisories/published/AD20040413C.html
Short Name
MS-RPC:LSASS:MAL-OPCODE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
MS-RPC
Keywords
CVE-2003-0533 LSASS Malicious OpCode bid:10108
Release Date
04/26/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3713
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
7.5