1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. OS Attack: MSRPC Server Service RPC CVE-2008-4250

OS Attack: MSRPC Server Service RPC CVE-2008-4250

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow vulnerability in the Server Service on Windows systems which may result in remote code execution.

Additional Information

Microsoft Windows Server service provides support for sharing resources such as files and print services over the network.

The Server service is prone to a remote code-execution vulnerability that affects RPC (Remote Procedure Call) handling. This issue stems from a stack-based buffer overflow that can be triggered with specially crafted RPC requests to a vulnerable computer. The 'NetprPathCanonicalize()' function in the 'netapi32.dll' file is affected.

An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of vulnerable computers. This issue may be prone to widespread automated exploits.

Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.

Affected

  • This vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube