5.1

CVE-2003-0813

A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 2000 Updatesp2
MicrosoftWindows 2000 Updatesp3
MicrosoftWindows 2000 Updatesp4
MicrosoftWindows 98 Version-
MicrosoftWindows Nt Version4.0 Updatesp6a SwEditionserver
MicrosoftWindows Nt Version4.0 Updatesp6a SwEditionterminal_server
MicrosoftWindows Server 2003 HwPlatformx64
MicrosoftWindows Server 2003 HwPlatformx86
MicrosoftWindows Xp Version-
MicrosoftWindows Xp Version- Updatesp1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 50.24% 0.978
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

http://www.kb.cert.org/vuls/id/547820
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/8811
Third Party Advisory
Broken Link
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Third Party Advisory
US Government Resource
Broken Link
http://xforce.iss.net/xforce/alerts/id/155
Patch
Vendor Advisory
Broken Link