Intrusion Prevention

MS.RRAS.RasRpcSubmitRequest.Buffer.Overflow

Description

This indicates an attack attempt against a buffer-overflow vulnerability in the Windows RRAS service.
The vulnerability is caused by a boundary checking error when handling certain DCERPC requests. This can be exploited by attackers to execute arbitrary code via certain crafted DCERPC requests.

Affected Products

Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the patch, available from the vendor's website:
http://www.microsoft.com/technet/security/Bulletin/MS06-025.mspx

CVE References

CVE-2006-2370