| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| Microsoft Security Advisory 935964 | Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (935964) | Microsoft Windows | Critical | 17-04-2007 |
Technical Information
Brief overview of the risk:
The Microsoft DNS service Remote Procedure Call (RPC) implementation contains a stack buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code with SYSTEM privileges.
Detailed Information on the risk:
The Microsoft Windows DNS service uses RPC to facilitate remote management. The Microsoft Windows DNS service RPC management interface contains a stack-based buffer overflow. This vulnerability can be triggered by sending a specially crafted RPC packet to the RPC management interface. The management interface typically operates on a dynamically-assigned port between 1024/tcp and 5000/tcp.Further information on this exploit is available at : Microsoft Security Advisory 935964.
Affected Software
Microsoft Windows 2000 Server Service Pack 4Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2