Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Host Integration Server buffer overflow
updated since 14.10.2008
Published:15.10.2008
Source:
SecurityVulns ID:9362
Type:remote
Threat Level:
6/10
Description:Buffer overflow in RPC-based service.
Affected:MICROSOFT : Host Integration Server 2004
 MICROSOFT : Host Integration Server 2000
 MICROSOFT : Host Integration Server 2006
CVE:CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability.")
Original documentdocumentIDEFENSE, iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Command Execution Vulnerability (15.10.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-059 – Critical Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) (14.10.2008)
Files:Microsoft Security Bulletin MS08-059 – Critical Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod