Описание
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
FAQ
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | ||
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | ||
| Windows Server 2012 | ||
| Windows Server 2012 (Server Core installation) | ||
| Windows Server 2012 R2 | ||
| Windows Server 2012 R2 (Server Core installation) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8.8 High
CVSS3
Связанные уязвимости
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
EPSS
8.8 High
CVSS3