Microsoft Windows RPC Locator Remote Overflow

2003-01-30T00:00:00
ID OSVDB:7117
Type osvdb
Reporter David Litchfield(david@ngssoftware.com)
Modified 2003-01-30T00:00:00

Description

Vulnerability Description

A remote overflow exists in Windows. The RPC Locator service fails to validate search requests resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Windows. The RPC Locator service fails to validate search requests resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Other Advisory URL: http://www.nextgenss.com/advisories/ms-rpc-loc.txt Microsoft Security Bulletin: MS03-001 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=104394414713415&w=2 Keyword: #NISR29012003 ISS X-Force ID: 11132 CVE-2003-0003 CIAC Advisory: n-033 CERT VU: 610986 CERT: CA-2003-03 Bugtraq ID: 6666