Intrusion Prevention

MS.SMB.DCERPC.Locator.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer-overflow vulnerability in the RPC Locator service for Microsoft Windows.
The vulnerability is due to the software's inability to properly handle RPC calls with specially malformed parameters. A remote attacker may exploit this to execute arbitrary code.

Affected Products

Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows 2000 Server Japanese Edition
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server

Impact

System compromise: Remote code execution.

Recommended Actions

Apply the corresponding patches:
Microsoft Windows 2000 Server SP2
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows 2000 Advanced Server SP2
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows XP 64-bit Edition SP1
* Microsoft Q810833_WXP_SP2_ia64_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=B8999D16-3DAD-4E2 0-B46E-E1AEFB1F6673&displaylang=en
Microsoft Windows 2000 Professional SP3
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows 2000 Professional SP2
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows 2000 Advanced Server SP3
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows XP Home
* Microsoft Q810833_WXP_SP2_x86_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=DF24197E-6217-4AB D-A244-0A53320B2813&displaylang=en
Microsoft Windows XP Home SP1
* Microsoft Q810833_WXP_SP2_x86_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=DF24197E-6217-4AB D-A244-0A53320B2813&displaylang=en
Microsoft Windows 2000 Datacenter Server SP3
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows 2000 Server Japanese Edition
* Microsoft Q810833_W2K_SP4_nec98_JA.exe
http://microsoft.com/downloads/details.aspx?FamilyId=1B142CF9-CADA-4DF F-B42D-7E2022A17E6A&displaylang=ja
Microsoft Windows 2000 Server SP3
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows XP 64-bit Edition
* Microsoft Q810833_WXP_SP2_ia64_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=B8999D16-3DAD-4E2 0-B46E-E1AEFB1F6673&displaylang=en
Microsoft Windows 2000 Datacenter Server SP2
* Microsoft Q810833_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F9 2-9DEF-4D91A140E0E0&displaylang=en
Microsoft Windows XP Professional
* Microsoft Q810833_WXP_SP2_x86_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=DF24197E-6217-4AB D-A244-0A53320B2813&displaylang=en
Microsoft Windows XP Professional SP1
* Microsoft Q810833_WXP_SP2_x86_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=DF24197E-6217-4AB D-A244-0A53320B2813&displaylang=en
Microsoft Windows NT Workstation 4.0 SP6a
* Microsoft CHPQ810833i.EXE
Windows NT Chinese - Hong Kong Version
http://microsoft.com/downloads/details.aspx?FamilyId=C8AAB17B-48B2-4E9 F-B06F-2A54BA59A45F&displaylang=zh-tw
* Microsoft JPNQ810833n.EXE
Windows NT Japanese Version
http://microsoft.com/downloads/details.aspx?FamilyId=F211C932-D442-4A1 A-B385-77975DE3B280&displaylang=ja
* Microsoft Q810833i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=F92D1E86-590A-4DA 5-93F2-FCC6300A1A43&displaylang=en
Microsoft Windows NT Server 4.0 SP6a
* Microsoft CHPQ810833i.EXE
Windows NT Chinese - Hong Kong Version
http://microsoft.com/downloads/details.aspx?FamilyId=C8AAB17B-48B2-4E9 F-B06F-2A54BA59A45F&displaylang=zh-tw
* Microsoft JPNQ810833n.EXE
Windows NT Japanese Version
http://microsoft.com/downloads/details.aspx?FamilyId=F211C932-D442-4A1 A-B385-77975DE3B280&displaylang=ja
* Microsoft Q810833i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=F92D1E86-590A-4DA 5-93F2-FCC6300A1A43&displaylang=en
Microsoft Windows NT Terminal Server 4.0 SP6
* Microsoft Q810833i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=EB651162-97F2-47F 9-8E99-016B35B7646D&displaylang=en
Microsoft Windows NT Enterprise Server 4.0 SP6a
* Microsoft CHPQ810833i.EXE
Windows NT Chinese - Hong Kong Version
http://microsoft.com/downloads/details.aspx?FamilyId=C8AAB17B-48B2-4E9 F-B06F-2A54BA59A45F&displaylang=zh-tw
* Microsoft JPNQ810833n.EXE
Windows NT Japanese Version
http://microsoft.com/downloads/details.aspx?FamilyId=F211C932-D442-4A1 A-B385-77975DE3B280&displaylang=ja
* Microsoft Q810833i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=F92D1E86-590A-4DA 5-93F2-FCC6300A1A43&displaylang=en

CVE References

CVE-2003-0003