Public exploits available
On this page
A denial of service vulnerability exists in the CIS and in the RPC over HTTP Proxy components.
An attacker who successfully exploited the denial of service vulnerability could cause the affected components to stop responding.
Technical details (analysis)
COM Internet Services (CIS) allows DCOM to use RPC over HTTP to communicate between DCOM clients and DCOM servers. The process used by the affected components to validate message inputs under certain circumstances. If an attacker controls a system that is configured to receive traffic through CIS or RPC over HTTP, the attacker could create a malicious response to a request from CIS or RPC over HTTP that could exploit this vulnerability.
Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) and Microsoft Windows Millennium Edition (ME)
All applications not on the affected list.
Release Date: 2004-04-13T00:00:00
Known false positives
This signature can cause false positives if you've already applied the patch.
Disable forwarding to untrusted sources for CIS and for RPC over HTTP if they have been enabled manually on the affected systems.
If you do not need CIS or RPC over HTTP, disable this functionality on the affected systems.