CVE-2003-0813

MEDIUM Year: 2003
CVSS v2 Score
5.1
Medium
Weakness Type
CWE-367
View all →

Vulnerability Description

A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.

Related Vulnerabilities

CVE-2019-5421

CRITICAL
CVSS:9.8(Critical)

Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts...

CWE-3672019

CVE-2019-7249

CRITICAL
CVSS:9.8(Critical)

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with...

CWE-3672019

CVE-2023-33154

CRITICAL
CVSS:9.8(Critical)

Windows Partition Management Driver Elevation of Privilege Vulnerability

CWE-3672023

CVE-2024-27114

HIGH
CVSS:9.8(Critical)

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be avail...

CWE-3672024

CVE-2024-28718

CRITICAL
CVSS:9.8(Critical)

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

CWE-3672024

CVE-2024-41779

CRITICAL
CVSS:9.8(Critical)

IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted reques...

CWE-3672024