Follow:

Vulnerability:Win/RPCSS.MSGSVC.RCE!CVE-2003-0717

Severity rating
Critical

Class/Type
Vulnerability

Discovered date
2003-10-15T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. The vulnerability results because the Messenger Service does not properly validate the length of a message before passing it to the allocated buffer.



Impact

An attacker could seek to exploit this vulnerability by creating a specially crafted message and sending it to the Messenger Service on an affected system



Technical details (analysis)

This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. The vulnerability results because the Messenger Service does not properly validate the length of a message before passing it to the allocated buffer.



Affected software

Microsoft Windows NT Workstation 4.0, Service Pack 6a.
Microsoft Windows NT Server 4.0, Service Pack 6a.
Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6.
Microsoft Windows 2000, Service Pack 2, Service Pack 3, Service Pack 4.
Microsoft Windows XP Gold, Service Pack 1.
Microsoft Windows XP 64-bit Edition.
Microsoft Windows Server 2003.
Microsoft Windows Server 2003 64-bit Edition.



Non-affected software

Microsoft Windows Millennium Edition



References




Solutions




NIS signature

Name: Vulnerability:Win/RPCSS.MSGSVC.RCE!CVE-2003-0717
Release Date: 2003-10-15T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Disable the Messenger Service.
Use a personal firewall such as Internet Connection Firewall (only available on XP and Windows Server 2003).