OSVDB ID: 49243

Title: Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution

Info

Disclosure

Oct 23, 2008

Discovery

Unknown

Dates

Exploit

Oct 23, 2008

Solution

Oct 23, 2008

Description

Microsoft Windows Server Service contains a flaw that may allow a malicious user to remotely execute arbitrary code. The issue is triggered when a crafted RPC request is handled. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial, Exploit Wormified
Disclosure: Vendor Verified, Uncoordinated Disclosure, Discovered in the Wild

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	XP SP2
		2003 Server SP1
		XP Pro x64
		2003 Server SP2
		2003 Server x64
		2003 Server x64 SP2
		2003 Server for Itanium SP2
		2000 SP4
		XP Pro x64 SP2
		XP SP3
		2003 Server for Itanium SP1
		2008 Server 32-bit
		Vista
		2008 Server x64
		Vista SP1
		2008 Server for Itanium
		Vista x64
		Vista x64 SP1

References

CVE ID: 2008-4250 (see also: NVD)
Bugtraq ID: 31874
Secunia Advisory ID: 32326
SCIP VulDB ID: 3860
ISS X-Force ID: 46040
Metasploit ID: 49243
Milw0rm: 6824 7104 7132
Exploit Database: 6824 7104 7132
CERT VU: 827267
VUPEN Advisory: ADV-2008-2902
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-11/0006.html
http://archives.neohapsis.com/archives/bugtraq/2008-11/0104.html
http://archives.neohapsis.com/archives/bugtraq/2008-11/0124.html
http://archives.neohapsis.com/archives/dailydave/2008-q4/0033.html
http://seclists.org/fulldisclosure/2010/Jan/613
Other Advisory URL: http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html
http://blogs.securiteam.com/index.php/archives/1150
http://blogs.securiteam.com/index.php/archives/1150
http://securitylabs.websense.com/content/Alerts/3218.aspx
http://www.f-secure.com/weblog/archives/00001526.html
http://www.phreedom.org/blog/2008/decompiling-ms08-067/
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-110306-2212-99&tabid=2
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-110306-2212-99&tabid=2
http://www.symantec.com/security_response/threatconlearn.jsp
Vendor Specific News/Changelog Entry: http://blogs.technet.com/msrc/archive/2008/10/22/advance-notification-for-out-of-band-release.aspx
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032393978
http://www.phreedom.org/blog/2008/decompiling-ms08-067/
News Article: http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=212000278
http://www.pcworld.com/businesscenter/article/152665/microsoft_to_rush_out_emergency_windows_patch.html
http://www.theregister.co.uk/2008/10/23/emergency_windows_update/
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/windows_server_service_ms08067
http://www.securiteam.com/exploits/6W00L15MUQ.html
Microsoft Knowledge Base Article: KB958644
Microsoft Security Bulletin: MS08-067

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/49243

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

References

Credit