First published: Wed Oct 15 2003(Updated: )
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows NT | =4.0-sp5 | |
Microsoft Windows XP | =sp1 | |
Microsoft Windows NT | =4.0-sp3 | |
Microsoft Windows Server 2003 | =web | |
Microsoft Windows Server 2003 | =enterprise | |
Microsoft Windows XP | ||
Microsoft Windows NT | =4.0-sp6a | |
Microsoft Windows Server 2003 | =enterprise_64-bit | |
Microsoft Windows XP | =gold | |
Microsoft Windows Server 2003 | =r2 | |
Microsoft Windows NT | =4.0-sp1 | |
Microsoft Windows NT | =4.0-sp3 | |
Microsoft Windows NT | =4.0-sp6a | |
Microsoft Windows NT | =4.0 | |
Microsoft Windows NT | =4.0 | |
Microsoft Windows NT | =4.0-sp4 | |
Microsoft Windows NT | =4.0-sp6 | |
Microsoft Windows NT | =4.0-sp6 | |
Microsoft Windows 2000 | ||
Microsoft Windows 2000 | =sp2 | |
Microsoft Windows 2000 | =sp4 | |
Microsoft Windows NT | =4.0-sp6 | |
Microsoft Windows XP | ||
Microsoft Windows NT | =4.0-sp2 | |
Microsoft Windows NT | =4.0-sp4 | |
Microsoft Windows NT | =4.0-sp5 | |
Microsoft Windows XP | =sp1 | |
Microsoft Windows Server 2003 | =r2 | |
Microsoft Windows NT | =4.0-sp1 | |
Microsoft Windows NT | =4.0-sp5 | |
Microsoft Windows NT | =4.0-sp5 | |
Microsoft Windows NT | =4.0-sp2 | |
Microsoft Windows NT | =4.0-sp2 | |
Microsoft Windows NT | =4.0-sp4 | |
Microsoft Windows XP | ||
Microsoft Windows Server 2003 | =standard | |
Microsoft Windows NT | =4.0-sp1 | |
Microsoft Windows NT | =4.0-sp1 | |
Microsoft Windows NT | =4.0-sp3 | |
Microsoft Windows NT | =4.0-sp3 | |
Microsoft Windows 2000 | =sp1 | |
Microsoft Windows 2000 | =sp3 | |
Microsoft Windows NT | =4.0 | |
Microsoft Windows NT | =4.0 | |
Microsoft Windows NT | =4.0-sp2 | |
Microsoft Windows NT | =4.0-sp4 | |
Microsoft Windows NT | =4.0-sp6 | |
Microsoft Windows NT | =4.0-sp6a | |
Microsoft Windows XP | =sp1 | |
Microsoft Windows 9x | ||
Microsoft Windows NT | =4.0-sp6a | |
Microsoft Windows NT | =4.0-sp6a | |
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows XP | ||
Microsoft Windows XP | =sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2003-0813 is classified as a medium severity vulnerability due to its potential to cause denial of service.
To mitigate CVE-2003-0813, apply the relevant security updates from Microsoft that address the multi-threaded race condition in Windows RPC DCOM.
CVE-2003-0813 affects various versions of Microsoft Windows, including Windows NT 4.0 and Windows XP with specified service packs.
Yes, CVE-2003-0813 can be exploited remotely by attackers to trigger a denial of service condition.
The impact of CVE-2003-0813 is the potential for system crashes or reboots caused by the exploitation of the vulnerability.