CVE-2007-2228
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
6.4 Medium
AI Score
Confidence
Low
0.94 High
EPSS
Percentile
99.2%
rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
Affected configurations
References
secunia.com/advisories/27134
secunia.com/advisories/27153
securitytracker.com/id?1018787
www.securityfocus.com/archive/1/482023/100/0/threaded
www.securityfocus.com/archive/1/482366/100/0/threaded
www.securityfocus.com/bid/25974
www.us-cert.gov/cas/techalerts/TA07-282A.html
www.vupen.com/english/advisories/2007/3438
www.zerodayinitiative.com/advisories/ZDI-07-055.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-058
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2310
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
6.4 Medium
AI Score
Confidence
Low
0.94 High
EPSS
Percentile
99.2%