Follow:

Vulnerability:Win/MSRPC.SRVSVC.RCE!CVE-2008-4250

Severity rating
Critical

Class/Type
Vulnerability

Discovered date
2008-10-23T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A remote code execution vulnerability exists in the Server service on Windows systems. The vulnerability is due to the service not properly handling specially crafted RPC requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.



Impact

An attacker could try to exploit the vulnerability by sending a specially crafted message to an affected system. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, any anonymous user with access to the target network could deliver a specially crafted network packet to the affected system in order to exploit this vulnerability. On Windows Vista and Windows Server 2008 systems, however, only an authenticated user with access to the target network could deliver a specially crafted network packet to the affected system in order to exploit this vulnerability.



Technical details (analysis)

The Server service provides RPC support, file and print support, and named pipe sharing over the network. The Server service allows the sharing of your local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC. The vulnerability is caused by the Windows Server service not properly handling specially crafted RPC requests. An attacker who successfully exploited this vulnerability could take complete control of the affected system.



Affected software

Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Vulnerability:Win/MSRPC.SRVSVC.RCE!CVE-2008-4250
Release Date: 2008-10-23T00:00:00



Known false positives

No known false positives at this time



Work-arounds

Disable the Server and Computer Browser services
On Windows Vista and Windows Server 2008, filter the affected RPC identifier
Block TCP ports 139 and 445 at the firewall
To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall