CVE-2003-0813 — Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft Windows NT

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition5 documents4 sources

Severity

5.1MEDIUMNVD

CNA7.5

EPSS

53.4%

top 2.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows NT

Timeline

PublishedNov 17

Latest updateApr 29

Description

A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.kb.cert.org ↗Patch: xforce.iss.net ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5f25-6f2x-h9x6: A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of s↗2022-04-29

▶

CVEList

CVE-2003-0813: A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of s↗2003-10-15

▶

🔍Detection Rules

Suricata

GPL NETBIOS SMB-DS DCERPC ISystemActivator unicode bind attempt↗2010-09-23

▶

Suricata

GPL NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt↗2010-09-23

▶