Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:DAVREDIR

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 WebDav Mini-Redirector Remote Code Execution

Release Date

 2008/02/12

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: WebDav Mini-Redirector Remote Code Execution


This signature detects attempts to exploit a known vulnerability against WebDav Mini-Redirector. A successful attack can allow attackers to execute remote code on the target system.

Extended Description

Microsoft Windows is prone to a heap-overflow vulnerability in the WebDAV Mini-Redirector component (also known as the Web Client service). This vulnerability may be triggered by a malicious WebDAV response. A successful exploit could let a remote attacker execute arbitrary code with SYSTEM privileges, completely compromising an affected computer. To be affected, the Web Client service must be enabled on the computer. The Web Client service is disabled by default on Microsoft Windows Server 2003.

Affected Products

  • Microsoft Windows Server 2003 SP1
  • Microsoft Windows Server 2003 SP2
  • Microsoft Windows Server 2003 Datacenter x64 Edition SP2
  • Microsoft Windows Server 2003 Datacenter x64 Edition
  • Microsoft Windows Server 2003 Enterprise x64 Edition SP2
  • Microsoft Windows Server 2003 Enterprise x64 Edition
  • Microsoft Windows Server 2003 Itanium SP1
  • Microsoft Windows Server 2003 Itanium SP2
  • Microsoft Windows Server 2003 Standard Edition SP1
  • Microsoft Windows Server 2003 Standard Edition SP2
  • Microsoft Windows Server 2003 Web Edition SP1
  • Microsoft Windows Server 2003 Web Edition SP2
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista Enterprise
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista
  • Microsoft Windows Vista Business 64-bit edition
  • Microsoft Windows Vista Enterprise 64-bit edition
  • Microsoft Windows Vista Home Basic 64-bit edition
  • Microsoft Windows Vista Home Premium 64-bit edition
  • Microsoft Windows Vista Ultimate 64-bit edition
  • Microsoft Windows Vista x64 Edition
  • Microsoft Windows XP Home SP2
  • Microsoft Windows XP Media Center Edition SP2
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Professional x64 Edition SP2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Tablet PC Edition SP2
  • Nortel Networks Enterprise Network Management System
  • Nortel Networks Self-Service - CCSS7
  • Nortel Networks Self-Service CCXML
  • Nortel Networks Self-Service MPS 1000
  • Nortel Networks Self-Service MPS 500
  • Nortel Networks Self-Service Peri Application
  • Nortel Networks Self-Service Speech Server
  • Nortel Networks Self Service VoiceXML
  • Nortel Networks Self-Service WVADS

References

  • BugTraq: 27670
  • CVE: CVE-2008-0080

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out