MS.RPC.DCOM.Overflow
Description
This indicates an attempt to exploit a buffer-overflow vulnerability in the DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003.
The vulnerability is due to the the software's inability to properly check the bounds of client DCOM object activation requests. Remote attackers may exploit this to execute arbitrary code, as in the case of the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
Affected Products
Microsoft Windows NT 4.0, 2000, XP, and Server 2003
Impact
System compromise: Remote code execution.
Recommended Actions
Apply the patch as given in the Microsoft Security Bulletin MS03-026:
http://www.microsoft.com/technet/security/Bulletin/MS03-026.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |