Another RPC DCOM Vulnerability / Exploit (Now DCOM3) !

  1. #1
    Junior Member
    Join Date
    Aug 2003

    Another RPC DCOM Vulnerability / Exploit (Now DCOM3) !

    Hi, this is a message from Bugtraq:

    Universal exploit for MS03-039 is now public on

    It was reported by the exploit author (and confirmed) that Windows XP SP1
    with all security fixes installed is still vulnerable to a variant of the
    same bug. Windows 2000/2003 was not tested.

    For a while only a DoS exploit exists (DCOM3), but code execution is probably possible. Technical details are sent to Microsoft, waiting for confirmation.

    ppl must block the vulnerable ports.


    Gurou ** Security Administrator

  2. #2
    Senior Member
    Join Date
    Jan 2003
    These are everywhere now...thanks for the heads up
    And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

  3. #3
    While I understand what RPC and DCOM are as technologies, I don't understand how they work or how they interact with each other. I did some searching on the site and wasn't able to find a tutorial on this either. I'm also interested in how these exploits work in plain English -- all of that code is just plain French to me at this point.
    Anyone have any good links?

  4. #4
    AntiOnline Senior Member souleman
    Join Date
    Oct 2001
    Flint, MI
    RPC is a way to make a remote machine run a certain procedure for you. It was used a bit with SunOS, but I don't know anyone that has used it in a Windows environment.

    DCOM is the same idea, but on a different level, and it is a MS only thing. DCOM should be more "invisible" where the program does all the work, while RPC would require user interaction. I have never seen this used.. anyplace.. The only use I have seen for DCOM is to exploit it.

    The exploit is a buffer overflow. Basically it sends a shitload of information to the DCOM port, then finishes the info off with the code to run a remote shell. DCOM gets confused and runs the code at the end, and you have a shell. When MS patched it, all they did was tell it not to run the code at the end. They didn't tell it to drop the packets. That's why it causes a DoS.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman
