Release DateOct 16, 2008 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit a remote code execution in the Microsoft Host Integration Server RPC service which may lead to elevation of privilege. Successful exploitation, could allow an unauthenticated attacker to perform admin-privileged tasks such as arbitrary program execution. |
Affected ProductsMicrosoft Host Integration Server 2000 Service Pack 2 (Server)Microsoft Host Integration Server 2000 Administrator Client Microsoft Host Integration Server 2004 (Server) Microsoft Host Integration Server 2004 Service Pack 1 (Server) Microsoft Host Integration Server 2004 (Client) Microsoft Host Integration Server 2004 Service Pack 1 (Client) Microsoft Host Integration Server 2006 for 32-bit systems Microsoft Host Integration Server 2006 for x64-based systems |
Recommended ActionsApply patch, available from the web site:http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-3466 |
Reference/shttp://www.frsirt.com/english/advisories/2008/2810 (FrSIRT)http://www.securityfocus.com/bid/31620 (BugTraq) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745 http://technet.microsoft.com/en-us/security/bulletin/ms08-059.mspx (MS-ID) |
