Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability

Attackers can use readily available tools to exploit this issue.

NOTE: Microsoft indicates that this issue is being exploited in the wild.

Reports indicate that this issue is being exploited in the wild by 'Trojan.Gimmiv.A'. Please see the references for more information.

The following Windows 2000 proof of concept and exploit are available to members of the Immunity Partners program:

https://www.immunityinc.com/downloads/immpartners/ms08_067.tgz
https://www.immunityinc.com/downloads/immpartners/ms08_067-2.tgz

Immunity has released the following Windows XP SP3 exploit to members of the Immunity Partners program:

https://www.immunityinc.com/downloads/immpartners/ms08_067-3.tgz

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following Metasploit exploit module is available:

https://metasploit.com/ms08_067_netapi.rb

NOTE: A worm is exploiting this vulnerability in the wild. Symantec detects it as 'W32.Wecorl'. Please see the references for more information.

UPDATE (November 22, 2008): An additional worm ('W32.Downadup') has been detected. This worm propagates over TCP port 445.

UPDATE (December 31, 2008): A new variant of the Downadup worm ('W32.Downadup.B') is propagating in the wild.

The following proof-of-concept and exploit code are available:


Copyright 2010, SecurityFocus