HPI-VDB — Database for IT-Attack Analysis


ID: CVE-2003-0528

Last Modified: April 30, 2019

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

Base Score: 10.0

Exploitability Score: 10.0

Impact Score: 10.0

CVSS V2: AV:N/AC:L/Au:N/C:C/I:C/A:C

Specialize CVSS-Score

NVD-CWE-Other

['alert tcp $EXTERNAL_NET any -> $HOME_NET 445 ( msg:"OS-WINDOWS Microsoft Windows SMB-DS DCERPC Remote Activation bind attempt"; flow:to_server,established; content:"|FF|SMB%",depth 5,offset 4,nocase; content:"&|00|",within 2,distance 56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00|",within 12,distance 5,nocase; content:"|05|",within 1; content:"|0B|",within 1,distance 1; byte_test:1,&,1,0,relative; content:"|B8|J|9F|M|1C|}|CF 11 86 1E 00| |AF|n|7C|W",within 16,distance 29; tag:session,packets 5; metadata:ruleset community; service:netbios-ssn; reference:bugtraq,8234; reference:bugtraq,8458; reference:cve,2003-0528; reference:cve,2003-0605; reference:cve,2003-0715; reference:nessus,11798; reference:nessus,11835; reference:url,technet.microsoft.com/en-us/security/bulletin/MS03-039; classtype:attempted-admin; sid:2252; rev:22; )\n', 'alert tcp $EXTERNAL_NET any -> $HOME_NET [135,139,445,593,1024:] ( msg:"OS-WINDOWS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt"; flow:to_server,established; dce_iface:uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57; dce_opnum:"0"; dce_stub_data; byte_test:4,>,256,52,dce; metadata:policy max-detect-ips drop,ruleset community; service:dcerpc,netbios-ssn; reference:bugtraq,8205; reference:cve,2003-0352; reference:cve,2003-0528; reference:cve,2003-0715; reference:url,technet.microsoft.com/en-us/security/bulletin/MS03-026; reference:url,technet.microsoft.com/en-us/security/bulletin/MS03-039; classtype:attempted-admin; sid:3409; rev:18; )\n', '# alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"OS-WINDOWS Microsoft Windows SMB-DS DCERPC Remote Activation bind attempt"; flow:to_server,established; content:"|FF|SMB%"; depth:5; offset:4; nocase; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00|"; within:12; distance:5; nocase; content:"|05|"; within:1; content:"|0B|"; within:1; distance:1; byte_test:1,&,1,0,relative; content:"|B8|J|9F|M|1C|}|CF 11 86 1E 00| |AF|n|7C|W"; within:16; distance:29; tag:session,5,packets; metadata:ruleset community, service netbios-ssn; reference:bugtraq,8234; reference:bugtraq,8458; reference:cve,2003-0528; reference:cve,2003-0605; reference:cve,2003-0715; reference:nessus,11798; reference:nessus,11835; reference:url,technet.microsoft.com/en-us/security/bulletin/MS03-039; classtype:attempted-admin; sid:2252; rev:22;)\n', '# alert tcp $EXTERNAL_NET any -> $HOME_NET [135,139,445,593,1024:] (msg:"OS-WINDOWS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt"; flow:to_server,established; dce_iface:4d9f4ab8-7d1c-11cf-861e-0020af6e7c57; dce_opnum:0; dce_stub_data; byte_test:4,>,256,52,dce; metadata:policy max-detect-ips drop, ruleset community, service dcerpc, service netbios-ssn; reference:bugtraq,8205; reference:cve,2003-0352; reference:cve,2003-0528; reference:cve,2003-0715; reference:url,technet.microsoft.com/en-us/security/bulletin/MS03-026; reference:url,technet.microsoft.com/en-us/security/bulletin/MS03-039; classtype:attempted-admin; sid:3409; rev:18;)\n']

Condition Configuration
OR
OR
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft 
                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>