null

RPCScan v2.03

Microsoft RPC(MS03-026) and RPCSS(MS03-039) Vulnerability Detection Utility

RPCScan v2.03 is a Windows based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the multiple buffer overflow vulnerabilities released in the MS03-026 and MS03-039 bulletins.

RPCScan v2.03 is intended for use by enterprise system and network administrators as a fast and reliable utility for identifying at risk Microsoft systems in a passive manner. This tool is non-abrasive in nature and may be run in production environments during production hours.

Vulnerability Information:
The Distributed Component Objects Model (DCOM) protocol and Remote Procedure Call (RPC) service are installed by default with many Microsoft Windows operating systems. DCOM allows application components to be distributed across multiple servers.

Three vulnerabilities have been identified in the RPCSS service which handles RCP messages for DCOM object activation requests that are sent from one machine to another. Two of these vulnerabilities can result in remote, unauthorized, arbitrary code execution. The third can result in a local denial-of-service condition. These vulnerabilities result from inadequate message handling, and affect the DCOM interface within the RPCSS service.

Vulnerable systems:
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003