Locator Service Buffer Overflow Vulnerability


There is a remotely exploitable buffer overflow vulnerability in the Microsoft RPC (Remote Procedure Call) Locator Service on Windows platforms. The RPC Locator Service maintains a list of RPC services and servers on the network. Typically only domain controllers run the Locator service by default and these machines are the most at risk.


The information has been provided by NGSSoftware Insight Security Research.


When searching for RPC Services on the network a Windows RPC client will connect to the domain controller over TCP port 139/445 (the SMB ports) and search for services/servers through the ‘locator’ named pipe. An attacker can overflow a stack-based buffer in the Locator service process by searching for an overly long string for an entry name to use in looking for binding handles. This problem arises due to an unsafe call to wcscpy().
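The defect class described above, a fixed-size stack buffer filled by wcscpy() from a caller-supplied wide string, is easy to model and to fix. The following C is an added illustration and is not the Locator service's code: the buffer size ENTRY_NAME_MAX, the function names, and the sample entry names are assumptions made for the example. It places the unchecked copy next to a bounded version that rejects any name that would not fit, which is the mitigation a patch for this kind of bug applies.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Assumed size of the local entry-name buffer; the real service's size is
 * not stated in the advisory. */
#define ENTRY_NAME_MAX 64

/* Vulnerable pattern (illustrative only): wcscpy() copies until the NUL
 * terminator regardless of how big 'dest' is, so an entry name of
 * ENTRY_NAME_MAX or more characters writes past the end of the buffer. */
static void copy_entry_name_unchecked(wchar_t *dest, const wchar_t *entry_name) {
    wcscpy(dest, entry_name);
}

/* Predicate a reviewer would apply to the unchecked version: would this
 * name overrun a buffer of ENTRY_NAME_MAX wide characters? */
int vulnerable_would_overflow(const wchar_t *entry_name) {
    return wcslen(entry_name) >= ENTRY_NAME_MAX;
}

/* Hardened version: measure first, refuse names that do not fit (including
 * the terminator), then copy exactly n + 1 characters. Returns 1 on
 * success, 0 if the name was rejected. Refusing is preferred over silent
 * truncation so that a lookup never proceeds on a mangled name. */
int copy_entry_name_safe(wchar_t *dest, size_t dest_len, const wchar_t *entry_name) {
    size_t n = wcslen(entry_name);
    if (dest_len == 0 || n >= dest_len) {
        return 0;
    }
    memcpy(dest, entry_name, (n + 1) * sizeof(wchar_t));
    return 1;
}

/* Models the lookup handler with the bounded copy in place. Returns 1 if
 * the request is accepted for further processing, 0 if it is rejected. */
int handle_lookup_request(const wchar_t *entry_name) {
    wchar_t local[ENTRY_NAME_MAX];
    if (!copy_entry_name_safe(local, ENTRY_NAME_MAX, entry_name)) {
        return 0;
    }
    /* A real handler would now search the service table for 'local'. */
    return 1;
}

/* Constructed test input: a name far longer than the buffer. */
const wchar_t *constructed_long_name(void) {
    static wchar_t name[4 * ENTRY_NAME_MAX];
    size_t i;
    for (i = 0; i + 1 < sizeof(name) / sizeof(name[0]); i++) {
        name[i] = L'A';
    }
    name[i] = L'\0';
    return name;
}

int main(void) {
    /* Constructed short name: fits in both versions. */
    const wchar_t *ok = L"time_service";
    wchar_t buf[ENTRY_NAME_MAX];
    copy_entry_name_unchecked(buf, ok);   /* safe only because 'ok' is short */
    printf("short name accepted: %d\n", handle_lookup_request(ok));
    printf("long name would overflow unchecked copy: %d\n",
           vulnerable_would_overflow(constructed_long_name()));
    printf("long name accepted by hardened handler: %d\n",
           handle_lookup_request(constructed_long_name()));
    return 0;
}
```

The bounded version is deliberately not wcsncpy(): that call pads and may leave the destination unterminated, whereas the explicit length check plus memcpy() keeps the rejection decision visible and the terminator guaranteed.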

Fix Information:
NGSSoftware advised Microsoft of this problem at the end of October 2002. Microsoft released the patch to resolve this issue last week: http://www.microsoft.com/security/security_bulletins/ms03-001.asp

Categories: Windows