Vulnerability details
Advisory: SB2007050801 - Remote code execution in Microsoft DNS server
Vulnerable component: Windows Server
CVE-ID: CVE-2007-1748
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing RPC requests in Microsoft Windows DNS server, which contain long zone name parameter with escaped octal strings.
A remote attacker can send a specially crafted RPC request to vulnerable DNS server, cause stack-based buffer overflow and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
Public Exploits:
- Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (MS07-029) (Metasploit) [Exploit-DB]
- Microsoft DNS RPC Service - extractQuotedChar() TCP Overflow (MS07-029) (Metasploit) [Exploit-DB]
- Microsoft Windows - DNS RPC - Remote Buffer Overflow (2) [Exploit-DB]
- Microsoft Windows Server 2000 SP4 - DNS RPC Remote Buffer Overflow [Exploit-DB]
- Microsoft Windows - DNS DnssrvQuery Remote Stack Overflow [Exploit-DB]