ID CVE-2004-0116
Summary An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2011-05-16T04:03:37.564-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
    family windows
    id oval:org.mitre.oval:def:955
    status accepted
    submitted 2004-04-20T12:00:00.000-04:00
    title Windows 2000 RPCSS Service DCOM Activation Denial of Service
    version 68
  • accepted 2014-07-14T04:01:31.800-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Windows Server 2003 is installed
    oval oval:org.mitre.oval:def:128
    description An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
    family windows
    id oval:org.mitre.oval:def:957
    status accepted
    submitted 2004-04-20T12:00:00.000-04:00
    title Server 2003 RPCSS Service DCOM Activation Denial of Service
    version 68
  • accepted 2015-08-10T04:01:12.307-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP SP1 (32-bit) is installed
      oval oval:org.mitre.oval:def:1
    description An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
    family windows
    id oval:org.mitre.oval:def:958
    status accepted
    submitted 2004-04-20T12:00:00.000-04:00
    title Windows XP RPCSS Service DCOM Activation Denial of Service
    version 74
refmap via4
bid 10127
cert TA04-104A
cert-vn VU#417052
ciac O-115
eeye AD20040413A
ms MS04-012
sectrack 1009758
secunia 11065
xf win-rpcss-rpcmessage-dos(15708)
Last major update 12-10-2018 - 21:33
Published 01-06-2004 - 04:00
Back to Top