CVE-2007-2228

Published: Oct 9, 2007Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.

Affected (9)

Products: Microsoft: Windows 2000, Windows 2003 Server, Windows Vista, Windows Xp

4 products

Windows 2003 Server

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

References (22)

http://secunia.com/advisories/27134

Source: secure@microsoft.com

Vendor Advisory

http://secunia.com/advisories/27153

Source: secure@microsoft.com

Vendor Advisory

http://securitytracker.com/id?1018787

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/482023/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/482366/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/25974

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA07-282A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2007/3438

Source: secure@microsoft.com

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-07-055.html

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-058

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2310

Source: secure@microsoft.com

http://secunia.com/advisories/27134

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/27153

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1018787

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/482023/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/482366/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25974

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA07-282A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2007/3438

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-07-055.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-058

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2310

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.