SMB: Microsoft Windows Remote Procedure Call Runtime Integer Overflow

This signature detects attempts to exploit a known vulnerability in Windows Remote Procedure Call. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application making the RPC call.

Extended Description

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Affected Products

Microsoft windows_10

References

CVE: CVE-2022-26809

Short Name
SMB:RPC-MS-INT-OVERFLOW1
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SMB
Keywords
CVE-2022-26809 Call Integer Microsoft Overflow Procedure Remote Runtime Windows
Release Date
07/21/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3611
False Positive
Unknown
Vendors

Microsoft
