Windows Server Service buffer overflow MS08-067

Added: 10/24/2008
CVE: CVE-2008-4250
BID: 31874
OSVDB: 49243

Background

The Windows Server service supports file, print, and named-pipe sharing over the network.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Windows Server service.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 08-067.

References

http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx

Limitations

Due to the nature of this vulnerability, the success of the exploit depends on the contents of unused stack memory space, and therefore is not completely reliable.

Platforms

Windows XP SP3 / Windows XP
Windows XP SP2
Windows XP SP1 / Windows XP
Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP2

Back to exploit index