Definition
New Search
HIS Command Execution Vulnerability
oval:org.mitre.oval:def:6075
Microsoft Host Integration Server (HIS) 2000 2004 and 2006 does not limit RPC access to administrative functions which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function aka "HIS Command Execution Vulnerability."
Family:
windows
Status:
ACCEPTED
Platform(s):
- Microsoft Windows Server 2003
- Microsoft Windows Vista
- Microsoft Windows 2000
- Microsoft Windows 7
- Microsoft Windows XP
Class:
vulnerability
Reference(s):
- CVE-2008-3466
Product(s):
- Microsoft Host Integration Server 2000
- Microsoft Host Integration Server 2004
- Microsoft Host Integration Server 2006
- Microsoft Host Integration Server 2004 Client