Intrusion.Win.NETAPI.buffer-overflow.exploit

Class Intrusion
Platform Win
Description

Intrusion

Intrusion attacks attempt to exploit vulnerable or improperly configured applications, services, and operating systems remotely through a network to achieve arbitrary code execution and perform unauthorized network activity.

A successful intrusion attack can result in remote code execution on the targeted hosts.

Description

An Intrusion.Win.NETAPI.buffer-overflow.exploit attack targets Windows computers and attempts to exploit a flaw in the path canonicalization parser of the Server Service NetAPI library through a specially crafted RPC request. The attack uses SMB as the underlying protocol for its RPC requests and therefore operates over TCP ports 139 and 445. The NetAPI buffer overflow vulnerability was fixed in Microsoft Security Bulletin MS08-067 (https://technet.microsoft.com/en-us/library/security/ms08-067.aspx).

Successful exploitation can result in remote code execution on target machines, which allows an attacker to load malware and propagate it to other vulnerable hosts on a network.

Net-Worm.Win32.Kido malware used a NetAPI buffer overflow exploit to spread on a network.
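
A detection sketch for the network behaviour described above, added here as an example and not taken from the original entry or from any vendor product: it scans connection records for SMB traffic (TCP 139/445) that arrives from outside the internal network, and for a single host contacting many distinct hosts on those ports in a short window, which is what worm-style propagation looks like. The log format, the internal range, the window and the threshold are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORTS = {139, 445}                         # ports named in the description
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
WINDOW = timedelta(seconds=60)                 # assumed sliding window
FANOUT_LIMIT = 5                               # assumed: distinct SMB targets per window

# Constructed sample records, one per line: "timestamp src dst dport"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.8 10.0.0.5 445
2024-01-01T10:00:01 10.0.0.23 10.0.0.11 445
2024-01-01T10:00:02 10.0.0.23 10.0.0.12 445
2024-01-01T10:00:03 10.0.0.23 10.0.0.13 139
2024-01-01T10:00:04 10.0.0.23 10.0.0.14 445
2024-01-01T10:00:05 10.0.0.8 10.0.0.5 445
2024-01-01T10:00:06 10.0.0.23 10.0.0.15 445
2024-01-01T10:00:07 203.0.113.9 10.0.0.5 445
2024-01-01T10:00:08 10.0.0.8 10.0.0.30 443
"""

def parse(line):
    """Split one record into (timestamp, src, dst, destination port)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def smb_alerts(log_text, window=WINDOW, limit=FANOUT_LIMIT):
    """Return a sorted list of (alert_kind, source_ip) for SMB traffic."""
    alerts = set()
    recent = defaultdict(list)  # src -> [(ts, dst)] SMB connections inside the window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = parse(line)
        if dport not in SMB_PORTS:
            continue
        # SMB should not be reachable from outside the internal range.
        if ipaddress.ip_address(src) not in INTERNAL:
            alerts.add(("external-smb", src))
        # Drop entries older than the window, then count distinct targets.
        recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window]
        recent[src].append((ts, dst))
        if len({d for _, d in recent[src]}) >= limit:
            alerts.add(("smb-fanout", src))
    return sorted(alerts)

if __name__ == "__main__":
    for kind, src in smb_alerts(SAMPLE_LOG):
        print(kind, src)
```

An alert from this logic indicates suspicious SMB connection patterns only; it does not confirm that the NetAPI exploit was used, so flagged hosts still need their MS08-067 patch status checked.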