MS-RPC: Microsoft Server Service Overflow (1)

This signature detects attempts to exploit a known vulnerability in the Microsoft Windows Server service (srvsvc). A remote attacker can send maliciously crafted RPC requests to the vulnerable service, leading to a denial-of-service condition.

Extended Description

Microsoft Windows Plug and Play service is prone to a denial-of-service condition. This issue is caused by a malformed request to the service that causes virtual memory consumption. On Windows XP, a remote attacker must authenticate over RPC to exploit this issue using the originally described attack vector. Update: A reliable source has indicated that this issue is anonymously exploitable via named pipes or other MSRPC calls on Microsoft Windows XP SP2. This issue may be exploitable through attack vectors other than those originally described by Microsoft.

Affected Products

Microsoft windows_xp_media_center_edition

Short Name
MS-RPC:OF:SRV-SVC-1
Severity
Major
Recommended
False
Recommended Action
None
Category
MS-RPC
Keywords
(1) CVE-2005-3644 CVE-2007-2446 Microsoft Overflow Server Service bid:15460 bid:23973 bid:24195 bid:24198 bid:25232
Release Date
02/17/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3724
False Positive
Occasionally
Vendors

Microsoft

CVSS Score

10.0

7.8
