Attacker Value
Very High
(2 users assessed)
Exploitability
Very High
(2 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

Microsoft RPC Code Execution MS08-067

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka “Server Service Vulnerability.”

Add Assessment

2
Ratings
Technical Analysis

MS08-067 was possibly the most popular vulnerability of the 2000s. It allows remote code execution, pre-authentication, against all default Windows operating system configurations of the time. While SMB, should never be exposed on the Internet, once on the internal network, almost all windows systems have it enabled.

Exploitation is trivial (point and shoot) through metasploit: https://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi

This exploit was widely used and most notably known for the Conficker worm: https://en.wikipedia.org/wiki/Conficker

General Information

Additional Info

Technical Analysis