MS.RPC.DCOM.Overflow

description-logoDescription

This indicates an attempt to exploit a buffer-overflow vulnerability in the DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003.
The vulnerability is due to the the software's inability to properly check the bounds of client DCOM object activation requests. Remote attackers may exploit this to execute arbitrary code, as in the case of the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

affected-products-logoAffected Products

Microsoft Windows NT 4.0, 2000, XP, and Server 2003

Impact logoImpact

System compromise: Remote code execution.

recomended-action-logoRecommended Actions

Apply the patch as given in the Microsoft Security Bulletin MS03-026:
http://www.microsoft.com/technet/security/Bulletin/MS03-026.mspx

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)