Signature Detail

SMB: Microsoft DNS RPC Service Buffer Overflow

This signature detects attempts to exploit a vulnerability in Microsoft's DNS Server. A stack based buffer overflow is present in the Remote Procedure Call (RPC) Interface that allows an attacker to execute code in the context of SYSTEM.

Extended Description

Microsoft Windows Domain Name System (DNS) Server Service is prone to a stack-based buffer-overflow vulnerability in its Remote Procedure Call (RPC) interface. A remote attacker may exploit this issue to run arbitrary code in the context of the DNS Server Service. The DNS service runs in the 'SYSTEM' context. Successfully exploiting this issue allows attackers to execute arbitrary code, facilitating the remote compromise of affected computers. Windows Server 2000 Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are confirmed vulnerable to this issue. Microsoft Windows 2000 Professional SP4, Windows XP SP2, and Windows Vista are not affected by this vulnerability.

Affected Products

• Microsoft Small Business Server 2000
• Microsoft Small Business Server 2003
• Microsoft Small Business Server 2003 Premium Edition
• Microsoft Windows 2000 Server SP4
• Microsoft Windows Server 2003 SP1
• Microsoft Windows Server 2003 SP2
• Microsoft Windows Server 2003 Datacenter x64 Edition SP2
• Microsoft Windows Server 2003 Enterprise x64 Edition SP2
• Microsoft Windows Server 2003 Itanium SP1
• Microsoft Windows Server 2003 Itanium SP2
• Microsoft Windows Server 2003 x64 SP1
• Microsoft Windows Server 2003 x64 SP2

References

• BugTraq: 23470
• CVE: CVE-2007-1748
• URL: http://www.microsoft.com/technet/security/bulletin/ms07-029.mspx