Microsoft RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption Vulnerability

A remotely exploitable heap corruption vulnerability has been discovered in RPC. The issue exists in the RPCSS service and is caused by insufficient sanity checks on length values located within DCERPC DCOM object activation packets. A remote attacker can exploit this vulnerability to manipulate the contents of heap memory, potentially allowing the execution flow of the RPCSS service to be controlled. This would ultimately allow for the execution of arbitrary code with SYSTEM privileges.

eEye released an advisory disclosing details about the issue they reported that was addressed in MS03-039. It is currently not known if this information is associated with CAN-2003-0528. The other buffer overrun reported in MS03-039 and described in BID 8459 may be applicable to CAN-2003-0528. The appropriate updates will be made when further CVE information becomes available.


Copyright 2010, SecurityFocus