BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Microsoft DNS RPC Buffer Overflow

Disclosed April 7, 2007    Fully Patched

Vulnerability Description:

A remote code execution vulnerability exists within Microsoft’s DNS Server service. Utilizing RPC functionality designed for remote management, an attacker is able to anonymously cause a stack-based buffer overflow. This code is executed under the context of SYSTEM, allowing for full system compromise.

eEye Research is currently investigating the vulnerability and active exploitation and will update this ZDT entry as more information becomes available.

Vendors:

Microsoft

Vulnerable Software/Devices:

Windows 2000
Windows 2003

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Blink® Personal Edition protects from this vulnerability.
BeyondTrust's Blink® Professional Edition protects from this vulnerability.
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

Patch:
MS07-029

Mitigation:

Since a vendor-supplied patch has been released, the best form of mitigation is to apply MS07-029.

Links:

Microsoft Security Advisory (935964)
ISC Handler's Diary
CVE-2007-1748
Public PoC Code Disclosure (Reverse Shell)

CVE(s):

None

Leave a Reply