APP: Microsoft Windows RASMAN Registry Remote Code Execution
This signature detects attempts to exploit a known vulnerability in the Microsoft Routing and Remote Access. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted daemon.
Extended Description
Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Affected Products
Microsoft windows_2000
References
CVE: CVE-2006-2371
Short Name
APP:MISC:CVE-2006-2371-BO
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2006-2371 Code Execution Microsoft RASMAN Registry Remote Windows
Release Date
06/03/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5