CVE-2007-2228 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-2228
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2228

Description: rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.

CVE Status: Candidate

References: ST 1018787 SAID Secunia Advisory: SA27134 Secunia Advisory: SA27153 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2310 MS http://www.microsoft.com/technet/security/Bulletin/MS07-058.mspx MISC http://www.zerodayinitiative.com/advisories/ZDI-07-055.html HP http://www.securityfocus.com/archive/1/archive/1/482366/100/0/threaded CERT http://www.us-cert.gov/cas/techalerts/TA07-282A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/482023/100/0/threaded BID 25974

Return to the previous page.