Arbitrary Code Execution and Denial of Service in Microsoft RPCSS

Reported September 10, 2003, by Microsoft.


· Windows Server 2003, Windows XP, Windows 2000, Windows NT Server 4.0 Terminal Server Edition, Windows NT 4.0


Three new vulnerabilities exist in the part of the Remote Procedure Call Subsystem (RPCSS) Service that handles remote procedure call (RPC) messages for Distributed COM (DCOM) activation. Two of these vulnerabilities could allow arbitrary code execution on the vulnerable system. The third vulnerability could result in a Denial of Service (DoS) condition. The flaws result from incorrect handling of malformed messages. These vulnerabilities affect the DCOM interface within the RPCSS Service. By exploiting these flaws, an attacker could take any action on a vulnerable system, including installing programs; viewing, changing, or deleting data; and creating new accounts with full privileges.


Microsoft has released security bulletin MS03-039, "Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)," which addresses these vulnerabilities, and recommends that affected users immediately apply the appropriate patch listed in the bulletin. This patch supersedes the patch listed in Microsoft Security Bulletin MS03-026.


Discovered by eEye Digital Security, NSFOCUS Security Team, and Xue Yong Zhi and Renaud Deraison from Tenable Network Security.
