A vulnerability exists, in Microsoft Windows Server Service, which may allow for remote code execution.
The Microsoft Server Service allows for local resource sharing via RPC. A vulnerability exists, in Microsoft Windows Server Service, which may allow for remote code execution. The flaw lies in the improper handling of specially-crafted (malicious) RPC requests. In a successful attack scenario, an attacker could potentially take full control of a target system via this vulnerability.Attack Vector
Malicious local network trafficUser Interaction
no user interaction is neededVendor Status
Responded and patchedVulnerable Systems
Vendor has provided a patch.2008-10-23
Exploit code has been released.2008-10-23
A proof of concept has been released.2008-11-16
A proof of concept has been released.
Download and install the patch available from Microsoft(958644):
Vulnerability in Server Service Could Allow Remote Code Execution (958644)