Intrusion Prevention

MS.SMB.DCERPC.Locator.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer-overflow vulnerability in the RPC Locator service for Microsoft Windows.
The vulnerability is due to the software's inability to properly handle RPC calls with specially malformed parameters. A remote attacker may exploit this to execute arbitrary code.

Affected Products

Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows 2000 Server Japanese Edition
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server

Impact

System compromise: Remote code execution.

Recommended Actions

Apply the corresponding patches:
Microsoft Windows 2000 Server SP2
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows 2000 Advanced Server SP2
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows XP 64-bit Edition SP1
* Microsoft Q810833_WXP_SP2_ia64_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=B8999D16-3DAD-4E2 0-B46E-E1AEFB1F6673&displaylang=en
Microsoft Windows 2000 Professional SP3
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows 2000 Professional SP2
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows 2000 Advanced Server SP3
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows XP Home
* Microsoft Q810833_WXP_SP2_x86_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=DF24197E-6217-4AB D-A244-0A53320B2813&displaylang=en
Microsoft Windows XP Home SP1
* Microsoft Q810833_WXP_SP2_x86_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=DF24197E-6217-4AB D-A244-0A53320B2813&displaylang=en
Microsoft Windows 2000 Datacenter Server SP3
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows 2000 Server Japanese Edition
* Microsoft Q810833_W2K_SP4_nec98_JA.exe
http://microsoft.com/downloads/details.aspx?FamilyId=1B142CF9-CADA-4DF F-B42D-7E2022A17E6A&displaylang=ja
Microsoft Windows 2000 Server SP3
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows XP 64-bit Edition
* Microsoft Q810833_WXP_SP2_ia64_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=B8999D16-3DAD-4E2 0-B46E-E1AEFB1F6673&displaylang=en
Microsoft Windows 2000 Datacenter Server SP2
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows XP Professional
* Microsoft Q810833_WXP_SP2_x86_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=DF24197E-6217-4AB D-A244-0A53320B2813&displaylang=en
Microsoft Windows XP Professional SP1
* Microsoft Q810833_WXP_SP2_x86_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=DF24197E-6217-4AB D-A244-0A53320B2813&displaylang=en
Microsoft Windows NT Workstation 4.0 SP6a
* Microsoft CHPQ810833i.EXE
Windows NT Chinese - Hong Kong Version
http://microsoft.com/downloads/details.aspx?FamilyId=C8AAB17B-48B2-4E9 F-B06F-2A54BA59A45F&displaylang=zh-tw
* Microsoft JPNQ810833n.EXE
Windows NT Japanese Version
http://microsoft.com/downloads/details.aspx?FamilyId=F211C932-D442-4A1 A-B385-77975DE3B280&displaylang=ja
* Microsoft Q810833i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=F92D1E86-590A-4DA 5-93F2-FCC6300A1A43&displaylang=en
Microsoft Windows NT Server 4.0 SP6a
* Microsoft CHPQ810833i.EXE
Windows NT Chinese - Hong Kong Version
http://microsoft.com/downloads/details.aspx?FamilyId=C8AAB17B-48B2-4E9 F-B06F-2A54BA59A45F&displaylang=zh-tw
* Microsoft JPNQ810833n.EXE
Windows NT Japanese Version
http://microsoft.com/downloads/details.aspx?FamilyId=F211C932-D442-4A1 A-B385-77975DE3B280&displaylang=ja
* Microsoft Q810833i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=F92D1E86-590A-4DA 5-93F2-FCC6300A1A43&displaylang=en
Microsoft Windows NT Terminal Server 4.0 SP6
* Microsoft Q810833i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=EB651162-97F2-47F 9-8E99-016B35B7646D&displaylang=en
Microsoft Windows NT Enterprise Server 4.0 SP6a
* Microsoft CHPQ810833i.EXE
Windows NT Chinese - Hong Kong Version
http://microsoft.com/downloads/details.aspx?FamilyId=C8AAB17B-48B2-4E9 F-B06F-2A54BA59A45F&displaylang=zh-tw
* Microsoft JPNQ810833n.EXE
Windows NT Japanese Version
http://microsoft.com/downloads/details.aspx?FamilyId=F211C932-D442-4A1 A-B385-77975DE3B280&displaylang=ja
* Microsoft Q810833i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=F92D1E86-590A-4DA 5-93F2-FCC6300A1A43&displaylang=en

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	10927
Created	Sep 16, 2005
Updated	Jan 13, 2022
Risk
CVE ID	CVE-2003-0003
Exploit Prediction Score	2.09%
Default Action	drop
Active
Affected OS	Windows
Affected App	Other

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

MS.SMB.DCERPC.Locator.Buffer.Overflow

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

MS.SMB.DCERPC.Locator.Buffer.Overflow

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center