Intrusion.Win.NETAPI.buffer-overflow.exploit

Class: Intrusion

Description Intrusion attacks attempt to exploit vulnerable or improperly configured applications, services, and operating systems remotely through a network to achieve arbitrary code execution and perform unauthorized network activity. A successful intrusion attack can result in remote code execution on the targeted hosts.

Platform: Win

No platform description

Description

Intrusion Intrusion attacks attempt to exploit vulnerable or improperly configured applications, services, and operating systems remotely through a network to achieve arbitrary code execution and perform unauthorized network activity. A successful intrusion attack can result in remote code execution on the targeted hosts. Description An Intrusion.Win.NETAPI.buffer-overflow.exploit attack targets Windows computers and attempts to exploit a flaw in the path canonicalization parser of the Server Service NetAPI library through a specially crafted RPC request. An attack uses SMB as an underlying protocol to perform RPC requests; therefore, it operates over TCP ports 139 and 445. The NetAPI buffer overflow vulnerability was fixed in Microsoft Security Bulletin MS08-67 (https://technet.microsoft.com/en-us/library/security/ms08-067.aspx). Successful exploitation can result in remote code execution on target machines, which allows an attacker to load malware and propagate it to other vulnerable hosts on a network. Net-Worm.Win32.Kido malware used a NetAPI buffer overflow exploit to spread on a network.

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com