Windows Server Service buffer overflow MS08-067

Added: 10/24/2008
CVE: CVE-2008-4250
BID: 31874
OSVDB: 49243


The Windows Server service supports file, print, and named-pipe sharing over the network.


A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Windows Server service.


Apply the patch referenced in Microsoft Security Bulletin 08-067.



Due to the nature of this vulnerability, the success of the exploit depends on the contents of unused stack memory space, and therefore is not completely reliable.


Windows XP SP3 / Windows XP
Windows XP SP2
Windows XP SP1 / Windows XP
Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP2

Back to exploit index