CVE-2003-0813

medium

Description

A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-012

http://www.kb.cert.org/vuls/id/547820

http://marc.info/?l=ntbugtraq&m=106580303918155&w=2

http://marc.info/?l=bugtraq&m=106588827513795&w=2

http://marc.info/?l=bugtraq&m=106579825211708&w=2

http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011901.html

http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011886.html

http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011870.html

Details

Source: Mitre, NVD

Published: 2003-11-17

Updated: 2024-02-15

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: Medium