SMB: Microsoft Windows Server Service Crafted RPC Request
This signature detects attempts to exploit a known vulnerability in the Microsoft Windows Server service. A successful attack can lead to a buffer overflow and arbitrary remote code execution as SYSTEM. This vulnerability is being actively exploited in the wild by malware.
Extended Description
Microsoft Windows is prone to a remote code-execution vulnerability that affects RPC (Remote Procedure Call) handling in the Server service. An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of vulnerable computers. This issue may be prone to widespread automated exploits. Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue. This vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Affected Products
Avaya messaging_application_server,Microsoft windows_server_2008_for_itanium-based_systems
Short Name
SMB:SERVER-SVC-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
CVE-2008-4250 Crafted Microsoft RPC Request Server Service Windows bid:31874
Release Date
10/23/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
10.0