Skip to content

Ms08-067_Server_Service_Remote_Execution_Exploit
Vulnerability Identifier: CVE-2008-4250
Discovery Date: Oct 23, 2008
Risk: Critical
Related MalwareWORM_GIMMIV.A; TSPY_GIMMIV.A; WORM_DOWNAD.A; WORM_DOWNAD.AD; WORM_SPYBOT.OQ; WORM_NETWORM.C; WORM_WECORL.A; TROJ_DUCKY.N; WORM_KERBOT.A; TROJ_DUCKY.O; WORM_IRCBOT.BIT; WORM_DOWNAD.N
Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for x64-based Systems
  • Windows Vista
  • Windows Vista Service Pack 1
  • Windows Vista x64 Edition
  • Windows Vista x64 Edition Service Pack 1
Description:

A remote code execution vulnerability has been found in Server Service.

Server Service provides RPC support, file and print support, and named pipe sharing over the network. It allows the sharing of local resources, such as disks and printers, so that they can be accessed over the network. It also allows named pipe communication between applications running computers on the network, which is used for RPC.

The vulnerability for the Server Service lies when the service receives an specially crafted RPC request, and then fails to validate this request while processing certain data. When exploited, this vulnerability can cause a stack overflow and can lead to code execution.

By sending a specially crafted message, remote malicious users can take complete control of an affected system and perform the following:

  • Install programs
  • View/Change/Delete files
  • Create new accounts with full user rights

Patch Information:

For information about the specific security update for your affected software, click the appropriate link:

TREND MICRO SOLUTION

Users of Trend Micro PC-cillin Internet Security and Network VirusWall can detect this exploit at the network layer with Network Virus Pattern (NVP) 10269, or later.

Download the latest NVW pattern file from the following site:


Workaround Fixes:

The workaround for this vulnerability can be found at:



Connect with us on