ID |
CVE-2003-0605
|
Summary |
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 30-04-2019 - 14:27) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
oval
via4
|
accepted | 2011-05-16T04:00:20.426-04:00 | class | vulnerability | contributors | name | Christine Walzer | organization | The MITRE Corporation |
name | Andrew Buttner | organization | The MITRE Corporation |
name | Shane Shaffer | organization | G2, Inc. |
name | Sudhir Gandhe | organization | Telos |
name | Shane Shaffer | organization | G2, Inc. |
| description | The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function. | family | windows | id | oval:org.mitre.oval:def:1118 | status | accepted | submitted | 2005-01-18T12:00:00.000-04:00 | title | MS Windows RPC DCOM DoS-based Privilege Escalation Vulnerability (Test 2) | version | 71 |
accepted | 2011-05-16T04:03:07.115-04:00 | class | vulnerability | contributors | name | Tiffany Bergeron | organization | The MITRE Corporation |
name | Shane Shaffer | organization | G2, Inc. |
name | Sudhir Gandhe | organization | Telos |
name | Shane Shaffer | organization | G2, Inc. |
| description | The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function. | family | windows | id | oval:org.mitre.oval:def:494 | status | accepted | submitted | 2003-12-03T12:00:00.000-04:00 | title | MS Windows RPC DCOM DoS-based Privilege Escalation Vulnerability | version | 70 |
|
refmap
via4
|
bugtraq | 20030720 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability | cert | | cert-vn | VU#326746 | fulldisc | 20030721 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability |
|
Last major update |
30-04-2019 - 14:27 |
Published |
27-08-2003 - 04:00 |
Last modified |
30-04-2019 - 14:27 |