Snort is an open-source intrusion detection system. It includes a DCE/RPC preprocessor, which reassembles DCE/RPC traffic before it is passed to the intrusion detection engine.
A buffer overflow vulnerability in the DCE/RPC preprocessor allows remote attackers to execute arbitrary commands by chaining together multiple
**WriteAndX** requests in the same TCP segment.
Upgrade to Snort 220.127.116.11 or higher.
Exploit works on Snort 18.104.22.168 on Windows and Snort 22.214.171.124 on Red Hat 8, and requires port 445/TCP to be open on the target.
Windows XP SP0 / Windows XP SP1
Windows XP SP2 / Windows XP