A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Windows_2000 | Microsoft | * | * |
Windows_2000 | Microsoft | * | * |
Windows_2000 | Microsoft | * | * |
Windows_98 | Microsoft | - | - |
Windows_nt | Microsoft | 4.0 | 4.0 |
Windows_nt | Microsoft | 4.0 | 4.0 |
Windows_server_2003 | Microsoft | * | * |
Windows_server_2003 | Microsoft | * | * |
Windows_xp | Microsoft | - | - |
Windows_xp | Microsoft | - | - |