7.8

CVE-2007-2228

EPSS 76.67%
Published 09.10.2007 22:17:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference.  NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 2003 Server Editionx64

Microsoft ≫ Windows 2003 Server Updatesp1

Microsoft ≫ Windows 2003 Server Updatesp2

Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64

Microsoft ≫ Windows Vista

Microsoft ≫ Windows Vista Editionx64

Microsoft ≫ Windows Xp Editionprofessional

Microsoft ≫ Windows Xp Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	76.67%	0.989

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

http://www.securityfocus.com/archive/1/482366/100/0/threaded

http://www.us-cert.gov/cas/techalerts/TA07-282A.html

US Government Resource

http://secunia.com/advisories/27134

Vendor Advisory

http://secunia.com/advisories/27153

Vendor Advisory

http://securitytracker.com/id?1018787

http://www.securityfocus.com/archive/1/482023/100/0/threaded

http://www.securityfocus.com/bid/25974

http://www.vupen.com/english/advisories/2007/3438

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-07-055.html

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-058

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2310

https://nvd.nist.gov/vuln/detail/CVE-2007-2228

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2228

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2228

EUVD