Bulletin ID | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS10-066 | Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802) | Windows Server | Critical | 15-09-2010 |
Technical Information
Brief overview of the risk:
The vulnerability could allow remote code execution if an attacker sent a specially crafted RPC response to a client-initiated RPC request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system.
Detailed Information on the risk:
An unauthenticated remote code execution vulnerability exists in the way that the Remote Procedure Call (RPC) client implementation allocates memory when parsing specially crafted RPC responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted RPC response to a client-initiated RPC request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Further information on this exploit is available at: MS10-066
Affected Software
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows XP Professional x64 Edition Service Pack 2
Windows XP Service Pack 3