Added: 10/24/2008
CVE: CVE-2008-4250
BID: 31874
OSVDB: 49243
The Windows Server service supports file, print, and named-pipe sharing over the network.
A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Windows Server service.
Apply the patch referenced in Microsoft Security Bulletin 08-067.
<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx>
Due to the nature of this vulnerability, the success of the exploit depends on the contents of unused stack memory space, and therefore is not completely reliable.
Windows XP SP3 / Windows XP
Windows XP SP2
Windows XP SP1 / Windows XP
Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP2