Microsoft Windows object identifier could be used to open network ports
| win-objectidentifier-open-port (15711) |  Medium Risk |
Description:
Multiple Microsoft Windows products could allow a local attacker to open network ports. A vulnerability exists in the creation of object identities, which are used by the operating system to uniquely identify the application. A local attacker, who is authenticated, could learn the object identifiers and then run an application to open a network port and enable it to accept inbound communication requests.
Consequences:
Bypass Security
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-051. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-012, but it was superseded by the patch released with MS05-051.
For Microsoft Windows 2000:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS06-018. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-012, which was superseded by the patch released with MS05-051, and then superseded by the patch released with MS06-018.
For Windows XP and Windows Server 2003:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-051. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-012, but it was superseded by the patch released with MS05-012, which was superseded by the patch released with MS05-051.
For Windows 98, Windows 98 SE, and Windows Me:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-012. See References.
For Windows NT:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-029. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-012, but it was superseded by the patch released with MS04-029. See References.
References:
- CIAC Information Bulletin O-115: Microsoft Cumulative Update for RPC/DCOM.
- Internet Security Systems Security Alert, April 13, 2004: Multiple Vulnerabilities in Microsoft Products.
- Microsoft Security Bulletin MS04-012: Cumulative Update for Microsoft RPC/DCOM (828741).
- Microsoft Security Bulletin MS04-029: Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350).
- Microsoft Security Bulletin MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400).
- Microsoft Security Bulletin MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580).
- BID-10121: Microsoft Windows Object Identity Network Communication Vulnerability
- CVE-2004-0124: The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an alter context call that contains additional data, aka the Object Identity Vulnerability.
- SA11065: Microsoft Windows RPC/DCOM Multiple Vulnerabilities
- US-CERT VU#212892: Microsoft Windows creates COM object identifiers incorrectly
Platforms Affected:
- Microsoft Windows 2000
- Microsoft Windows 2003 Server
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows Me
- Microsoft Windows NT 4.0 Server
- Microsoft Windows NT 4.0 Workstation
- Microsoft Windows NT 4.0 Terminal Server
- Microsoft Windows XP
Reported:
Apr 13, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net