SMB: Microsoft Windows Server Service RPC Request Handling Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Microsoft Windows Server service. A successful attack can lead to a buffer overflow and arbitrary remote code execution as SYSTEM.
Extended Description
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Affected Products
Microsoft windows_server_2008
References
CVE: CVE-2008-4250
Short Name
SMB:CVE-2008-4250-BO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SMB
Keywords
Buffer CVE-2008-4250 Handling Microsoft Overflow RPC Request Server Service Windows
Release Date
05/16/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0