Trojan (Gimmiv.A) and a Trojan searching for non-patched machines on LAN (Arpoc.A)
W32.Downadup aka Conficker
Vulnerable component: Windows
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a buffer overflow during path canonicalization in the Windows Server service. By sending a specially crafted RPC request, a remote attacker can cause memory corruption and execute arbitrary code with the privileges of the SYSTEM account.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
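The defect class named above (CWE-120 during path canonicalization) is avoided by checking every write and every backward step against the buffer bounds. The following is an added example, not code from this advisory or from Windows; the function name `canon_path` and the sample paths are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not Windows code: canonicalize a backslash-separated
 * path into out[outsz], collapsing "." and ".." segments.
 * Returns 0 on success, -1 if the result does not fit or ".." would climb
 * above the root. */
int canon_path(const char *in, char *out, size_t outsz)
{
    size_t len = 0;                 /* bytes used in out, excluding the NUL */

    if (in == NULL || out == NULL || outsz < 2)
        return -1;

    for (;;) {
        while (*in == '\\' || *in == '/')   /* skip runs of separators */
            in++;
        size_t seg = strcspn(in, "\\/");    /* length of the next segment */
        if (seg == 0)
            break;                          /* end of input */

        if (seg == 2 && in[0] == '.' && in[1] == '.') {
            if (len == 0)
                return -1;                  /* refuse to walk before out[0] */
            while (len > 0 && out[len - 1] != '\\')
                len--;                      /* drop the last segment ... */
            if (len > 0)
                len--;                      /* ... and its separator */
        } else if (!(seg == 1 && in[0] == '.')) {
            /* Need separator + segment + NUL; compare without overflow. */
            if (seg >= outsz - len - 1)
                return -1;
            out[len++] = '\\';
            memcpy(out + len, in, seg);
            len += seg;
        }
        in += seg;
    }

    if (len == 0)
        out[len++] = '\\';                  /* empty result is the root */
    out[len] = '\0';
    return 0;
}
```

Callers must treat a return of -1 as a rejected request rather than falling back to the raw input.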
- Microsoft Windows Server - Code Execution (PoC) (MS08-067) [Exploit-DB]
- Microsoft Windows Server - Code Execution (MS08-067) [Exploit-DB]