CVE-2003-0528

2003-09-1704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0528

dcom

rpcss

buffer overflow

security vulnerability

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.696 Medium

EPSS

Percentile

98.0%

JSON

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.

CPENameOperatorVersion
microsoft:windows_ntmicrosoft windows nteq4.0
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_2003_servermicrosoft windows 2003 servereqweb
microsoft:windows_2003_servermicrosoft windows 2003 servereqenterprise
microsoft:windows_2003_servermicrosoft windows 2003 servereqenterprise_64-bit
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereqr2
microsoft:windows_2003_servermicrosoft windows 2003 servereqstandard

CPE	Name	Operator	Version
microsoft:windows_nt	microsoft windows nt	eq	4.0
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	web
microsoft:windows_2003_server	microsoft windows 2003 server	eq	enterprise
microsoft:windows_2003_server	microsoft windows 2003 server	eq	enterprise_64-bit
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	r2
microsoft:windows_2003_server	microsoft windows 2003 server	eq	standard