Vulnerability Note VU#631516
Microsoft Routing and Remote Access does not properly handle RPC requests
There is a vulnerability in the Microsoft Windows Routing and Remote Access Service that could allow an attacker to take control of the affected system.
The Routing and Remote Access Service (RRAS) allows computers running the Windows 2000, XP, and Server 2003 operating systems to act as a dial-up remote access server, virtual private network (VPN) server, Internet Protocol (IP) router, network address translator (NAT), and a dial-up and VPN site-to-site demand-dial router. RRAS replaced the Remote Access Service (RAS), which was in Microsoft Windows NT.
There is a buffer overflow in the way the Routing and Remote Access Service handles RPC requests.
A remote attacker could execute arbitrary code on a vulnerable system. This includes installing programs and viewing, changing, or deleting data. The attacker may also create a denial-of-service condition.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | 13 Jun 2006 | 31 Jul 2006 |
Thanks to Microsoft for the information provided in MS06-025.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-2370
- Date Public: 13 Jun 2006
- Date First Published: 13 Jun 2006
- Date Last Updated: 31 Jul 2006
- Severity Metric: 1.20
- Document Revision: 20