MS-RPC: ISystemActivate Race Condition
This protocol anomaly detects too many DCE/RPC ISystemActivate requests. Excessive requests can indicate an attack is underway and can lead to a denial of service (DoS) in the RPCSS module.
Extended Description
It has been reported that a variant attack in the RPCSS service of Microsoft Windows exists. Because of this, it may be possible for an attacker to mount denial of service attacks and execute arbitrary code on the affected system. The source of the issue is reportedly a multi-thread race condition that occurs when handling a large number of RPC request. It has been confirmed by the vendor that this issue may be leveraged to execute arbitrary code on the affected system. This may allow an attacker to gain control of the affected system.
Affected Products
Avaya s8100_media_servers,Microsoft windows_nt_terminal_server
Short Name
MS-RPC:MSRPC-ISYSACTIVATE-RACE
Severity
Major
Recommended
False
Recommended Action
None
Category
MS-RPC
Keywords
CVE-2003-0813 MS04-012 bid:8811
Release Date
05/05/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
5.1