Follow:

Policy:Win/MSRPCH.CIS.DoS!CAN-2003-0807

Severity rating
Critical

Class/Type
Policy

Discovered date
2004-04-13T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A denial of service vulnerability exists in the CIS and in the RPC over HTTP Proxy components.



Impact

An attacker who successfully exploited the denial of service vulnerability could cause the affected components to stop responding.



Technical details (analysis)

COM Internet Services (CIS) allows DCOM to use RPC over HTTP to communicate between DCOM clients and DCOM servers. The process used by the affected components to validate message inputs under certain circumstances. If an attacker controls a system that is configured to receive traffic through CIS or RPC over HTTP, the attacker could create a malicious response to a request from CIS or RPC over HTTP that could exploit this vulnerability.



Affected software

Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) and Microsoft Windows Millennium Edition (ME)



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Policy:Win/MSRPCH.CIS.DoS!CAN-2003-0807
Release Date: 2004-04-13T00:00:00



Known false positives

This signature can cause false positives if you've already applied the patch.



Work-arounds

Disable forwarding to untrusted sources for CIS and for RPC over HTTP if they have been enabled manually on the affected systems.
If you do not need CIS or RPC over HTTP, disable this functionality on the affected systems.