There is a vulnerability in the Microsoft Windows Routing and Remote Access Service that could allow an attacker to take control of the affected system.
The Routing and Remote Access Service (RRAS) allows computers running the Windows 2000, XP, and Server 2003 operating systems to act as dial-up remote access server, virtual private network (VPN) server, Internet Protocol (IP) router, network address translator (NAT), and a dial-up and VPN site-to-site demand-dial router. RRAS replaced Remote Access Service (RAS) which was in Microsoft Windows NT.
There is an buffer overflow in the way Routing and Remote Access service handles RPC requests.
A remote attacker could execute arbitrary code on a vulnerable system. This includes installing programs, viewing, changing or deleting data. The attacker may also create a denial-of-service condition.
Thanks to Microsoft for the information provided in MS06-025.
This document was written by Ryan Giobbi.
|Date First Published:||2006-06-13|
|Date Last Updated:||2006-07-31 18:12 UTC|