Gain a shell remotely : Microsoft RPC Interface Buffer Overrun (823980)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.11808

Categoría: Gain a shell remotely

Título: Microsoft RPC Interface Buffer Overrun (823980)

Resumen: The remote host is running a version of Windows which has a flaw in; its RPC interface which may allow an attacker to execute arbitrary code; and gain SYSTEM privileges. There is at least one Worm which is; currently exploiting this vulnerability. Namely, the MsBlaster worm.

Descripción: Summary:
The remote host is running a version of Windows which has a flaw in
its RPC interface which may allow an attacker to execute arbitrary code
and gain SYSTEM privileges. There is at least one Worm which is
currently exploiting this vulnerability. Namely, the MsBlaster worm.

Solution:
The vendor has releases updates, please see the references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0352
BugTraq ID: 8205
http://www.securityfocus.com/bid/8205
Bugtraq: 20030716 [LSD] Critical security vulnerability in Microsoft Operating Systems (Google Search)
http://marc.info/?l=bugtraq&m=105838687731618&w=2
Bugtraq: 20030725 The Analysis of LSD's Buffer Overrun in Windows RPC Interface(code revised ) (Google Search)
http://marc.info/?l=bugtraq&m=105914789527294&w=2
http://www.cert.org/advisories/CA-2003-16.html
http://www.cert.org/advisories/CA-2003-19.html
CERT/CC vulnerability note: VU#568148
http://www.kb.cert.org/vuls/id/568148
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
http://www.xfocus.org/documents/200307/2.html
Microsoft Security Bulletin: MS03-026
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296
XForce ISS Database: win-rpc-dcom-bo(12629)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12629

Copyright Copyright (C) 2003 KK LIU

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.11808
Categoría:	Gain a shell remotely
Título:	Microsoft RPC Interface Buffer Overrun (823980)
Resumen:	The remote host is running a version of Windows which has a flaw in; its RPC interface which may allow an attacker to execute arbitrary code; and gain SYSTEM privileges. There is at least one Worm which is; currently exploiting this vulnerability. Namely, the MsBlaster worm.
Descripción:	Summary: The remote host is running a version of Windows which has a flaw in its RPC interface which may allow an attacker to execute arbitrary code and gain SYSTEM privileges. There is at least one Worm which is currently exploiting this vulnerability. Namely, the MsBlaster worm. Solution: The vendor has releases updates, please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0352 BugTraq ID: 8205 http://www.securityfocus.com/bid/8205 Bugtraq: 20030716 [LSD] Critical security vulnerability in Microsoft Operating Systems (Google Search) http://marc.info/?l=bugtraq&m=105838687731618&w=2 Bugtraq: 20030725 The Analysis of LSD's Buffer Overrun in Windows RPC Interface(code revised ) (Google Search) http://marc.info/?l=bugtraq&m=105914789527294&w=2 http://www.cert.org/advisories/CA-2003-16.html http://www.cert.org/advisories/CA-2003-19.html CERT/CC vulnerability note: VU#568148 http://www.kb.cert.org/vuls/id/568148 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html http://www.xfocus.org/documents/200307/2.html Microsoft Security Bulletin: MS03-026 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296 XForce ISS Database: win-rpc-dcom-bo(12629) https://exchange.xforce.ibmcloud.com/vulnerabilities/12629
Copyright	Copyright (C) 2003 KK LIU