CVE: CVE-2003-0813

Export to Word

A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

S10 – Denial of Service

EPSS

Score: 0.37828
Percentile: 0.97039

CVSS Scoring

CVSS v2 Score: 5.1

Severity:

Mapped CWE(s)

CWE-367 : Time-of-check Time-of-use (TOCTOU) Race Condition

All CAPEC(s)

CAPEC-27: Leveraging Race Conditions via Symbolic Links
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:terminal_server:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

← Back to Home