CVE-2007-2228

rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/27134	Vendor Advisory
http://secunia.com/advisories/27153	Vendor Advisory
http://securitytracker.com/id?1018787
http://www.securityfocus.com/archive/1/482023/100/0/threaded
http://www.securityfocus.com/archive/1/482366/100/0/threaded
http://www.securityfocus.com/bid/25974
http://www.us-cert.gov/cas/techalerts/TA07-282A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/3438	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-07-055.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-058
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2310

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_2003_server:::x64:::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_vista:::x64:::::*
	cpe:2.3:o:microsoft:windows_xp:::professional:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

History

No history.

Information

Published : 2007-10-09 22:17

Updated : 2024-02-04 17:13

NVD link : CVE-2007-2228

Mitre link : CVE-2007-2228

CVE.ORG link : CVE-2007-2228

JSON object : View

Products Affected

microsoft

windows_vista
windows_xp
windows_2003_server
windows_2000

CWE

NVD-CWE-Other

{"id": "CVE-2007-2228", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-09T22:17:00.000", "references": [{"url": "http://secunia.com/advisories/27134", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/27153", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1018787", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/482023/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/25974", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2007/3438", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-055.html", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-058", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2310", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak."}, {"lang": "es", "value": "En la biblioteca rpcrt4.dll (tambi\u00e9n conocida como la biblioteca de tiempo de ejecuci\u00f3n RPC) en Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 y SP2, Server 2003 x64 Edition y x64 Edition SP2, y Vista y Vista x64 Edition permiten que los atacantes remotos causar una denegaci\u00f3n de servicio (RPCSS servicio de parada y reinicio del sistema) por medio de una petici\u00f3n RPC que utiliza la autenticaci\u00f3n NTLMSSP PACKET con una firma de remolque de verificaci\u00f3n de valor cero, que conlleva una desreferencia no v\u00e1lida. NOTA: esto tambi\u00e9n afecta a Windows 2000 SP4, aunque el impacto es un filtrado de informaci\u00f3n."}], "lastModified": "2018-10-16T16:42:39.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:professional:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC5A2998-AFD9-4AD3-BC47-E653345323AB"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}