SCAN: Core Impact MSRPC WKSSVC Exploit

This signature detects the CORE Impact penetration testing tool using the MSRPC WKSSVC exploit against your network (this exploit is also detected by the signature attack object CRIT:MS-RPC:WKST-SVC-OF). Because CORE Impact can chain one infected computer to another, other machines in the network might already be compromised. CORE Impact can be used legitimately to perform a network security audit of your network. However, if a network security audit is not in progress, this signature can indicate that a malicious attacker is using the CORE Impact tool to compromise your network.

Extended Description

It has been reported that Microsoft Windows Workstation (WKSSVC.DLL) service is prone to a vulnerability that may allow a remote attacker to gain unauthorized access to a vulnerable host. The problem is in the handling of requests by the Workstation Service. The Workstation Service does not properly check bounds on remote data therefore making it possible to overwrite sensitive regions of system memory.

Affected Products

Cisco sn_5420_storage_router,Cisco call_manager

Short Name
SCAN:CORE:MSRPC-WKSSVC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SCAN
Keywords
CVE-2003-0812 Core Exploit Impact MSRPC WKSSVC bid:9011
Release Date
12/08/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Cisco

Microsoft

CVSS Score

7.5

Found a potential security threat?