New Search

HIS Command Execution Vulnerability

oval:org.mitre.oval:def:6075

Microsoft Host Integration Server (HIS) 2000 2004 and 2006 does not limit RPC access to administrative functions which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function aka "HIS Command Execution Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 7
  • Microsoft Windows Vista
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2008-3466
Product(s):
  • Microsoft Host Integration Server 2000
  • Microsoft Host Integration Server 2004
  • Microsoft Host Integration Server 2004 Client
  • Microsoft Host Integration Server 2006