Intrusion Prevention



This indicates an attack attempt against a buffer-overflow vulnerability in the Windows RRAS service.
The vulnerability is caused by a boundary checking error when handling certain DCERPC requests. This can be exploited by attackers to execute arbitrary code via certain crafted DCERPC requests.

Affected Products

Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the patch, available from the vendor's website:

CVE References