Microsoft Windows Domain Name System Server Remote Code Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-1366 CVE ID : CVE-2007-1748 Rated as : Critical  Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-04-13   Technical Description          A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to take complete control of an affected system. This issue is caused by a stack overflow error in the Windows Domain Name System (DNS) Server's RPC interface implementation when processing malformed requests, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges by sending a specially crafted request to a vulnerable system. Note : This vulnerability is currently being exploited in the wild. Affected Products Microsoft Windows 2000 Server Service Pack 4 Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 Service Pack 2 Microsoft Windows Small Business Server 2000 Microsoft Windows Small Business Server 2003 Solution Disable remote management over RPC capability for DNS Servers. The FrSIRT is not aware of any official supplied patch for this issue. References http://www.frsirt.com/english/advisories/2007/1366 http://www.microsoft.com/technet/security/advisory/935964.mspx Credits Vulnerability reported by the vendor ChangeLog 2007-04-13 : Initial release Vulnerability Management Receive up-to-the-minute alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available. Subscribe to FrSIRT VNS. Feedback If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.