Intrusion Prevention

MS.Windows.RPC.REMACT.Service.Access

Description

This indicates a possible attempt at exploiting a heap-based buffer-overflow vulnerability in the Distributed Component Object Model (DCOM) interface in the RPCSS Service.
The vulnerability can be triggered by a malformed DCERPC DCOM object activation request packet. Remote attackers may exploit this to execute arbitrary code on the vulnerable system.

Affected Products

Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows 2000 Server

Impact

System compromise

Recommended Actions

Microsoft has released security update MS03-039 to fix this vulnerability.

CVE References

CVE-2003-0715