CVE-2003-0605

EXPLOITED

Windows 2000 SP3-SP4 - Denial of Service and Privilege Escalation via RPC DCOM Interface

Title source: llm

Exploitation Summary

CVE-2003-0605 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 10 public exploits from researchers including ins1der, anonymous, and Flashsky.

AI-analyzed exploit summary: This exploit targets CVE-2003-0605, a vulnerability in the Windows RPC DCOM interface, using a return-into-libc technique to bypass non-executable memory protections. It includes shellcode and offsets for Windows 2000 SP0 and XP SP0 (English).

Description

The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.

Exploits (10)

exploitdb WORKING POC VERIFIED
by ins1der · c · remote · windows
https://www.exploit-db.com/exploits/117

This exploit targets CVE-2003-0605, a vulnerability in the Windows RPC DCOM interface, using a return-into-libc technique to bypass non-executable memory protections. It includes shellcode and offsets for Windows 2000 SP0 and XP SP0 (English).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Windows 2000 SP0, Windows XP SP0
No auth needed
Prerequisites: Network access to vulnerable RPC DCOM service · Target system must be unpatched
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by anonymous · c · remote · windows
https://www.exploit-db.com/exploits/109

This exploit targets CVE-2003-0605, a buffer overflow vulnerability in the Windows RPC DCOM interface (MS03-039). It includes shellcode to add a user and can cause a DoS on patched systems. The code is designed for Windows XP and Windows 2000.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows RPC DCOM (unpatched systems)
No auth needed
Prerequisites: Network access to vulnerable RPC service · Unpatched Windows system
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Flashsky · c · remote · windows
https://www.exploit-db.com/exploits/103

This exploit targets CVE-2003-0605, a buffer overflow vulnerability in the RPC DCOM interface of Microsoft Windows. It sends a maliciously crafted RPC request to execute arbitrary shellcode, which adds a user 'SST' with password '557'.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (RPC DCOM interface)
No auth needed
Prerequisites: Network access to vulnerable RPC DCOM interface · Target system must be unpatched for CVE-2003-0605
devstral-2 · analyzed Feb 16, 2026

exploitdb SCANNER VERIFIED
by Doke Scott · c · remote · windows
https://www.exploit-db.com/exploits/97

This code is a scanner for CVE-2003-0605, which targets the DCOM RPC vulnerability (MS03-039). It sends crafted packets to detect vulnerable systems by analyzing responses.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows DCOM RPC (MS03-039)
No auth needed
Prerequisites: Network access to target · Port 135 (DCOM RPC) open
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by oc192 · c · remote · windows
https://www.exploit-db.com/exploits/76

This exploit targets CVE-2003-0605, a buffer overflow vulnerability in the Windows RPC DCOM interface. It includes shellcode for a bind shell and uses universal return addresses for Windows 2000 and XP to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows RPC DCOM (Windows 2000, Windows XP)
No auth needed
Prerequisites: Network access to target's RPC DCOM interface (typically port 135, 139, 445, or 539)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by anonymous · c · remote · windows
https://www.exploit-db.com/exploits/70

This exploit targets CVE-2003-0605, a critical RPC DCOM vulnerability in Windows systems. It includes shellcode and multiple offsets for various Windows versions to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (Multiple versions including NT, 2000, XP)
No auth needed
Prerequisites: Network access to vulnerable RPC DCOM service · Target system must be unpatched
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by pHrail · c · remote · windows
https://www.exploit-db.com/exploits/69

This exploit targets CVE-2003-0605, a buffer overflow vulnerability in Windows RPC DCOM. It includes shellcode and multiple offsets for various Windows versions to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows RPC DCOM (Windows 2000, XP)
No auth needed
Prerequisites: Network access to vulnerable RPC DCOM service
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by H D Moore · c · remote · windows
https://www.exploit-db.com/exploits/66

This exploit targets CVE-2003-0605, a buffer overflow vulnerability in the DCOM RPC interface of Windows systems. It sends a maliciously crafted RPC request to trigger a buffer overflow, leading to remote code execution via a bind shell on port 4444.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Windows 2000 (SP0-SP4), Windows XP (SP0-SP1)
No auth needed
Prerequisites: Network access to the target's DCOM RPC interface (typically port 135)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Flashsky · c · remote · windows
https://www.exploit-db.com/exploits/64

This exploit targets CVE-2003-0605, a buffer overflow vulnerability in Microsoft Windows DCOM RPC interface. It uses a crafted RPC request to trigger the overflow and execute shellcode, likely achieving remote code execution (RCE).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows DCOM RPC (Windows 2000 SP4 Chinese, others)
No auth needed
Prerequisites: Network access to vulnerable DCOM RPC service · Target system running unpatched Windows version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Flashsky · c · dos · windows
https://www.exploit-db.com/exploits/61

This exploit targets a vulnerability in RPC DCOM (CVE-2003-0605) by sending malformed packets to port 135, causing a denial-of-service (DoS) condition. It does not include a reverse shell or arbitrary code execution, focusing solely on crashing the service.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Windows RPC DCOM (pre-MS03-039 patch)
No auth needed
Prerequisites: Network access to target's port 135
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105880332428706&w=2
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006851.html
US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2003-23.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A494
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1118
US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2003-19.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/326746

Scores

EPSS: 0.6064
EPSS Percentile: 98.3%

Details

VulnCheck KEV: 2003-08-01
Status: published
Products (1): microsoft/windows_2000 (5 CPE variants)
Published: Aug 27, 2003
Tracked Since: Feb 18, 2026