Rapid7 Vulnerability & Exploit Database

Microsoft Server Service / CanonicalizePathName() Remote Code Execution Vulnerability


Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/08/2006
Created: 07/25/2018
Added: 08/21/2006
Modified: 03/21/2018

Description

Certain versions of Microsoft Windows are vulnerable to a remote buffer overflow that could compromise a target machine. A specially crafted packet could be used in a call to the NetPathCanonicalize RPC routine in the Server Service, allowing an attacker to execute code with SYSTEM-level privileges.

Solution(s)

  • install-microsoft-patch-56b3a8e49fef7b51c863a6a2864f9bb5
  • install-microsoft-patch-864f1a149e350e942e639b663f6f9ecc
  • install-microsoft-patch-db747f40044233d5a066f2a518a893c7

