Vulnerabilities

CVE-2008-3466

by Fred · 14/10/2008

Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."

Date published : 2008-10-14

http://www.securityfocus.com/bid/31620

http://www.us-cert.gov/cas/techalerts/TA08-288A.html

Similar

Tags: Cybersecurity Alert