Name:
MS.Windows.RPC.DNS.Service.Buffer.Overflow
Released Date:
Apr 16 2007
Severity:
critical
CVE:
2007-1748
MS Bulletin:
MS07-029
Bugtraq:
23470

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
A vulnerability which can be leveraged to take control of a remote system has been identified in Microsoft Windows.

The vulnerability exists in the RPC interface to the DNS service used for remote management. It is caused by a boundary check error that can lead to a stack based buffer overflow via a crafted RPC request.
 
Impact
Arbitrary code execution.
 
Affected Products
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Server
Microsoft Windows Storage Server 2003
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Web Edition
Aliases
-Tag.MS.Windows.RPC.DNS.Service.Bind
MS.Windows.RPC.DNS.Service.Buffer.Overflow
-Tag.MS.Windows.NBSS.RPC
References
http://www.microsoft.com/technet/security/Bulletin/MS07-029.mspx
http://www.securityfocus.com/bid/23470
http://www.frsirt.com/english/advisories/2007/1366
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1748
http://www.microsoft.com/technet/security/advisory/935964.mspx
Recommended Actions
No vendor-supplied patch is available for now.

Microsoft has released a advisory for this issue.
http://www.microsoft.com/technet/security/advisory/935964.mspx

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED