10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.967 High
EPSS
Percentile
99.5%
Added: 04/16/2007
CVE: CVE-2007-1748
BID: 23470
OSVDB: 34100
The Windows DNS service runs an RPC management interface which listens on a dynamically assigned TCP port.
A buffer overflow vulnerability in the Windows DNS service allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the management interface port.
See Microsoft Security Advisory 935964 for information on available updates and workarounds.
<http://www.us-cert.gov/cas/techalerts/TA07-103A.html>
Exploit works on Windows 2000 SP0 to SP4 and Windows Server 2003 SP1 and SP2.
Windows 2000
Windows Server 2003