MS03-039: Microsoft Windows RPC DCOM Interface epmapper Pipe Hijack Local Privilege Escalation (824146) (intrusive check)

High Nessus Plugin ID 11798


The remote Windows host has a denial of service vulnerability that may lead to privilege escalation.


It is possible to disable the remote RPC DCOM interface by sending it a malformed request. The system will need to be rebooted to recover. A remote attacker could exploit this flaw to disable RPC-related programs on this host.

If a denial of service attack is successful, a local attacker could escalate privileges by hijacking the epmapper pipe.


Microsoft has released a set of patches for Windows NT, 2000, XP, and 2003.

Plugin Details

Severity: High

ID: 11798

File Name: dcom_rpc_dos.nasl

Version: $Revision: 1.42 $

Type: remote

Agent: windows

Family: Windows

Published: 2003/07/22

Modified: 2017/08/30

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2003/07/20

Reference Information

CVE: CVE-2003-0605

BID: 8234, 8460

OSVDB: 11460

MSFT: MS03-039

MSKB: 824146