| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.2 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in Microsoft Windows NT 4.0/2000/XP/Server 2003. This affects an unknown part of the component RPCSS. Such manipulation leads to memory leak. This vulnerability is documented as CVE-2004-0116. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.
Details
A vulnerability, which was classified as critical, has been found in Microsoft Windows NT 4.0/2000/XP/Server 2003 (Operating System). Affected by this issue is an unknown functionality of the component RPCSS. The manipulation with an unknown input leads to a memory leak vulnerability. Using CWE to declare the problem leads to CWE-401. The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. Impacted is availability. CVE summarizes:
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
The weakness was released 04/13/2004 with eEye Digital Security as MS04-012 as confirmed bulletin (Technet). The advisory is shared for download at microsoft.com. This vulnerability is handled as CVE-2004-0116 since 02/03/2004. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1499.
The vulnerability scanner Nessus provides a plugin with the ID 12206 (MS04-012: Microsoft Hotfix (credentialed check) (828741)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 68528 (Multiple Microsoft Windows RPC/DCOM Vulnerabilities (MS04-012)).
Applying the patch MS04-012 is able to eliminate this problem. The bugfix is ready for download at windowsupdate.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 9601. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 2772.
The vulnerability is also documented in the databases at X-Force (15708), Tenable (12206), SecurityFocus (BID 10127†), OSVDB (5245†) and Secunia (SA11065†). eeye.com is providing further details. Entries connected to this vulnerability are available at VDB-331, VDB-597 and VDB-598. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.2
VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory leakCWE: CWE-401 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 12206
Nessus Name: MS04-012: Microsoft Hotfix (credentialed check) (828741)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS04-012
Snort ID: 9601
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
SourceFire IPS: 🔍
ISS Proventia IPS: 🔍
Timeline
02/03/2004 🔍04/13/2004 🔍
04/13/2004 🔍
04/13/2004 🔍
04/13/2004 🔍
04/13/2004 🔍
04/13/2004 🔍
04/14/2004 🔍
04/14/2004 🔍
06/01/2004 🔍
01/02/2025 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS04-012
Researcher: http://www.eeye.com
Organization: eEye Digital Security
Status: Confirmed
CVE: CVE-2004-0116 (🔍)
GCVE (CVE): GCVE-0-2004-0116
GCVE (VulDB): GCVE-100-596
OVAL: 🔍
CERT: 🔍
X-Force: 15708 - Microsoft Windows RPCSS Service RPC message can cause denial of service, Medium Risk
SecurityFocus: 10127
Secunia: 11065 - Microsoft Windows RPC/DCOM Multiple Vulnerabilities, Moderately Critical
OSVDB: 5245 - Microsoft Windows RPCSS Large Length Field DoS
SecurityTracker: 1009758 - Microsoft Windows RCP Memory Leak Lets Remote Users Deny Service
SecuriTeam: securiteam.com
Vulnerability Center: 4113 - [MS04-012] DoS in RPCSS Service, High
Misc.: 🔍
See also: 🔍
Entry
Created: 04/14/2004 11:04Updated: 01/02/2025 11:55
Changes: 04/14/2004 11:04 (100), 04/30/2019 15:08 (3), 03/09/2021 13:19 (3), 01/02/2025 11:55 (15)
Complete: 🔍
Cache ID: 216:E50:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.