MS-RPC: DCE-RPC Windows RPC Locator Service Overflow (1)
This signature detects attempts to exploit a known vulnerability in the Windows DCE RPC Locator service. By default, this service is on in all Windows NT 4 and Windows 2000 Domain Controllers, or can be turned on manually in all Windows NT, 2000, and XP systems. Attackers can deny the locator service, causing network-wide outages, or they can take control and run arbitrary code.
Extended Description
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
Affected Products
Microsoft windows_2000
Short Name
MS-RPC:OF:LOC-SVC-1
Severity
Major
Recommended
False
Recommended Action
Drop
Category
MS-RPC
Keywords
(1) CA-2003-03 CVE-2003-0003 DCE-RPC Locator Overflow RPC Service Windows bid:6666
Release Date
04/08/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5