CVE-2007-2228

2007-10-0922:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

rpcrt4.dll

vulnerability

windows

denial of service

rpc

ntlmssp

authentication

security

nvd

6.6 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.94 High

EPSS

Percentile

99.1%

JSON

rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.

CPENameOperatorVersion
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_2000microsoft windows 2000eq*

CPE	Name	Operator	Version
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_2000	microsoft windows 2000	eq	*