GEN:SID 1:2257
Message NETBIOS DCERPC Messenger Service buffer overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in the Microsoft Windows Messenger service.
Impact Serious. Denial of Service (DoS), execution of arbitrary code is
possible.
Detailed Information Due to improper length validation in the Microsoft Windows Messenger
service, it may be possible for an attacker to overwrite portions of
memory. This can result in the attacker being presented with the
opportunity to execute code of their choosing. Under some circumstances
a Denial of Service condition may be possible against the target host.

Specifically, this vulnerability may present the attacker with the
opportunity to execute code with the privileges of the local system
account with full access to all resources on the target host.
Affected Systems Microsoft Windows NT Workstation 4.0, Service Pack 6a
    Microsoft Windows NT Server 4.0, Service Pack 6a
    Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
    Microsoft Windows 2000, Service Pack 2, Service Pack 3, Service Pack 4
    Microsoft Windows XP Gold, Service Pack 1
    Microsoft Windows XP 64-bit Edition
    Microsoft Windows XP 64-bit Edition Version 2003
    Microsoft Windows Server 2003
    Microsoft Windows Server 2003 64-bit Edition
Attack Scenarios The attacker may use one of the available exploits to target a
vulnerable host.
Ease of Attack Simple. Exploit code exists.
Corrective Action Apply the appropriate vendor supplied patches and service packs.

Disable the Windows messenger service
Additional References CERT:
http://www.kb.cert.org/vuls/id/575892

Microsoft:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-043.asp
Rule References bugtraq: 8826
cve: 2003-0717
nessus: 11888
nessus: 11890
url: www.microsoft.com/technet/security/bulletin/MS03-043.mspx