ID CVE-2007-2228
Summary rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:professional:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 16-10-2018 - 16:42)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2012-09-10T04:00:51.347-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Chandan S
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Vista is installed
    oval oval:org.mitre.oval:def:228
description rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
family windows
id oval:org.mitre.oval:def:2310
status accepted
submitted 2007-10-10T04:39:42
title Vulnerability in RPC Could Allow Denial of Service
version 71
refmap via4
bid 25974
bugtraq 20071010 ZDI-07-055: Microsoft Windows DCERPC Authentication Denial of Service Vulnerability
cert TA07-282A
hp
  • HPSBST02280
  • SSRT071480
misc http://www.zerodayinitiative.com/advisories/ZDI-07-055.html
ms MS07-058
sectrack 1018787
secunia
  • 27134
  • 27153
vupen ADV-2007-3438
Last major update 16-10-2018 - 16:42
Published 09-10-2007 - 22:17
Back to Top