CVEブラウザに戻る

CVE-2007-1748

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0260%

EPSS Percentile30.04th

Published2007年4月13日

Last Modified2026年4月23日

Vulnerability Description

Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.

Affected Platforms (CPE)

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows 2003 Server

= sp1

💻

Microsoft

Windows 2003 Server

= sp1

💻

Microsoft

Windows 2003 Server

= sp1

💻

Microsoft

Windows 2003 Server

= sp2

💻

Microsoft

Windows 2003 Server

= sp2

💻

Microsoft

Windows 2003 Server

= sp2

References & Advisories

🔗 http://blogs.technet.com/msrc/archive/2007/04/12/microsoft-security-advisory-935964-posted.aspx

🔗 http://metasploit.com/svn/framework3/trunk/modules/exploits/windows/dcerpc/msdns_zonename.rb

🔗 http://secunia.com/advisories/24871

🔗 http://www.kb.cert.org/vuls/id/555920

🔗 http://www.microsoft.com/technet/security/advisory/935964.mspx

🔗 http://www.securityfocus.com/archive/1/465863/100/100/threaded

🔗 http://www.securityfocus.com/archive/1/468871/100/200/threaded

🔗 http://www.securityfocus.com/bid/23470

関連する脆弱性情報

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2000-006110.0

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document h...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2000-107110.0

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote...