MS-RPC: RRAS Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the MS RPC RRAS module. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the system context.
Extended Description
Microsoft Windows Routing and Remote Access is prone to a memory-corruption vulnerability. This issue is due to the software's failure to properly bounds-check user-supplied network data before copying it to an insufficiently sized memory buffer. This issue allows remote attackers to execute arbitrary machine code on affected computers with SYSTEM-level privileges. This facilitates the complete compromise of affected computers. Exploiting this issue on Microsoft Windows XP SP2 or Windows Server 2003 requires valid login credentials. Anonymous attacks are possible with Windows 2000 and Windows XP versions prior to SP2.
Affected Products
Microsoft windows_xp_tablet_pc_edition
Short Name
MS-RPC:OF:RRAS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
MS-RPC
Keywords
Buffer CVE-2006-2370 CVE-2006-2371 Overflow RRAS bid:18325 bid:18358
Release Date
06/13/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5