Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:DAVREDIR

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 WebDav Mini-Redirector Remote Code Execution

Release Date

 2008/02/12

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: WebDav Mini-Redirector Remote Code Execution


This signature detects attempts to exploit a known vulnerability against WebDav Mini-Redirector. A successful attack can allow attackers to execute remote code on the target system.

Extended Description

Microsoft Windows is prone to a heap-overflow vulnerability in the WebDAV Mini-Redirector component (also known as the Web Client service). This vulnerability may be triggered by a malicious WebDAV response. A successful exploit could let a remote attacker execute arbitrary code with SYSTEM privileges, completely compromising an affected computer. To be affected, the Web Client service must be enabled on the computer. The Web Client service is disabled by default on Microsoft Windows Server 2003.

Affected Products

  • Microsoft windows_server_2003 SP1
  • Microsoft windows_server_2003 SP2
  • Microsoft windows_server_2003_datacenter_x64_edition SP2
  • Microsoft windows_server_2003_datacenter_x64_edition
  • Microsoft windows_server_2003_enterprise_x64_edition SP2
  • Microsoft windows_server_2003_enterprise_x64_edition
  • Microsoft windows_server_2003_itanium SP1
  • Microsoft windows_server_2003_itanium SP2
  • Microsoft windows_server_2003_standard_edition SP1
  • Microsoft windows_server_2003_standard_edition SP2
  • Microsoft windows_server_2003_web_edition SP1
  • Microsoft windows_server_2003_web_edition SP2
  • Microsoft windows_vista Business
  • Microsoft windows_vista Enterprise
  • Microsoft windows_vista Home Basic
  • Microsoft windows_vista Home Premium
  • Microsoft windows_vista Ultimate
  • Microsoft windows_vista
  • Microsoft windows_vista_business_64-bit_edition
  • Microsoft windows_vista_enterprise_64-bit_edition
  • Microsoft windows_vista_home_basic_64-bit_edition
  • Microsoft windows_vista_home_premium_64-bit_edition
  • Microsoft windows_vista_ultimate_64-bit_edition
  • Microsoft windows_vista_x64_edition
  • Microsoft windows_xp_home SP2
  • Microsoft windows_xp_media_center_edition SP2
  • Microsoft windows_xp_professional SP2
  • Microsoft windows_xp_professional_x64_edition SP2
  • Microsoft windows_xp_professional_x64_edition
  • Microsoft windows_xp_tablet_pc_edition SP2
  • Nortel_networks enterprise_network_management_system
  • Nortel_networks self-service-ccss7
  • Nortel_networks self-service_ccxml
  • Nortel_networks self-service_mps_1000
  • Nortel_networks self-service_mps_500
  • Nortel_networks self-service_peri_application
  • Nortel_networks self-service_speech_server
  • Nortel_networks self_service_voicexml
  • Nortel_networks self-service_wvads

References

  • BugTraq: 27670
  • CVE: CVE-2008-0080

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out