Published: 2007-04-15T03:07+00:00
Last Updated: 2007-05-12T18:10+00:00
TRTA07-103A
Microsoft Windows DNS RPC Buffer Overflow
Overview
A buffer overflow in the the Remote Procedure Call (RPC) management interface used by the Microsoft Windows Domain Name Service (DNS) service is actively being exploited.
Event Information
| Date (UTC) | Description |
| 2007-05-08 19:42 |
Microsoft Microsoft Security Bulletin MS07-029: Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) Security Bulletin published. |
| 2007-05-08 19:42 |
Microsoft Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution DNS RPC Management Vulnerability(CVE-2007-1748) Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-029 to address this issue. |
| 2007-04-18 17:35 |
Symantec ThreatCON (2) => (1) |
| 2007-04-18 15:05 |
Internet Security Systems AlertCon (2) => (1) Due to the seriousness of a remote code execution vulnerability in RPC on Windows Domain Name System (DNS) Server and absence of a vendor-supplied patch, the threat level has been elevated to AlertCon 2. |
| 2007-04-18 |
Bugtraq MS Windows DNS RPC Remote Buffer Overflow Exploit (port 445) v2 Vulnerability Proof Of Concept (CVE-2007-1748) #Cid: Microsoft_Dns_Server_Exploit_v2.1.zip #Tested: Windows 2000 Server [ES] SP4 #Tested: Windows 2000 Server [EN] SP4 #Tested: Windows 2000 Server [IT] SP4 #Tested: Windows 2003 [Universal] SP2 |
| 2007-04-18 |
Symantec W32.Rinbot.BF Exploit vulnerabilities (CVE-2006-2630, CVE-2006-3439(MS06-040), CVE-2007-1748) |
| 2007-04-17 |
Microsoft Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (CVE-2007-1748) Ongoing monitoring indicates that we are seeing a new attack that is attempting to exploit this vulnerability. |
| 2007-04-16 03:15 |
Bugtraq Microsoft DNS Server Remote Code execution: Analysis and exploit Vulnerability Proof Of Concept (CVE-2007-1748) #Cid: Microsoft_Dns_Server_Exploit.zip #Cid: dnsxpl.rar #Tested: Windows 2000 Server [ES] SP4 #Tested: Windows 2003 [ES] SP2 |
| 2007-04-16 |
Symantec W32.Rinbot.BC Exploit vulnerabilities (CVE-2006-2630, CVE-2006-3439(MS06-040), CVE-2007-1748) |
| 2007-04-16 |
SANS Internet Storm Center New Rinbot scanning for port 1025 DNS/RPC |
| 2007-04-16 |
SANS Internet Storm Center Update on Microsoft DNS vulnerability |
| 2007-04-16 |
McAfee W32/Nirbot.worm!83E1220A |
| 2007-04-15 18:51 |
Bugtraq Windows DNS DnssrvQuery Stack Overflow Vulnerability Proof Of Concept (CVE-2007-1748) #Cid: 23470-devcode.c #Tested: Windows Advanced Server |
| 2007-04-13 17:49 |
US-CERT TA07-103A: Microsoft Windows DNS RPC Buffer Overflow Via US-CERT Mailing List |
| 2007-04-13 16:40 |
Internet Security Systems AlertCon (1) => (2) Due to the seriousness of a remote code execution vulnerability in RPC on Windows Domain Name System (DNS) Server and absence of a vendor-supplied patch, the threat level has been elevated to AlertCon 2. |
| 2007-04-13 07:03 |
US-CERT Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution Microsoft has released a security advisory regarding a vulnerability in the Domain Name System (DNS) Server Service. |
| 2007-04-13 06:00 |
Symantec ThreatCON (1) => (2) |
| 2007-04-13 |
Microsoft Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (CVE-2007-1748) Advisory updated to include additional details about Windows Small Business Server. Mitigations also updated to include additional information regarding the affected network port range and firewall configuration. |
| 2007-04-13 |
Internet Security Systems Microsoft Windows DNS Server RPC Interface Buffer Overflow |
| 2007-04-13 |
SANS Internet Storm Center More info on the Windows DNS RPC interface vulnerability |
| 2007-04-13 |
SANS Internet Storm Center Microsoft Vulnerability in RPC on Windows DNS Server |
| 2007-04-13 |
Microsoft Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (CVE-2007-1748) Advisory "Suggested Actions" section updated to include additional information regarding TCP and UDP port 445 and the 15 character computer name known issue. |
| 2007-04-12 |
Microsoft Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (CVE-2007-1748) Advisory published. |
Other Information
| CVE |
CVE-2007-1748 |