CVE-2007-1748

Published: 13/04/2007 Updated: 30/04/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote malicious users to execute arbitrary code via a long zone name containing character constants represented by escape sequences.

Vulnerable Product

microsoft windows 2003 server sp2

microsoft windows 2003 server sp1

microsoft windows 2000

Exploits

Microsoft Windows DNS DnssrvQuery() stack overflow exploit Binds a shell to TCP port 4444 ...
## # $Id: ms07_029_msdns_zonename.rb 9929 2010-07-25 21:37:54Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' ...
Exploit v2 features: - Target Remote port 445 (by default but requires auth) - Manual target for dynamic tcp port (without auth) - Automatic search for dynamic dns rpc port - Local and remote OS fingerprinting (auto target) - Windows 2000 server and Windows 2003 server (Spanish) supported by default - Fixed bug with Windows 2003 Shell ...
## # $Id: ms07_029_msdns_zonename.rb 10503 2010-09-28 15:23:14Z hdm $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' ...
#!/usr/bin/python # Remote exploit for the 0day Windows DNS RPC service vulnerability as # described in www.securityfocus.com/bid/23470/info. Tested on # Windows 2000 SP4. The exploit if successful binds a shell to TCP port 4444 # and then connects to it. # # Cheers to metasploit for the first exploit # Written for educational and testing p ...
/* * Copyright (c) 2007 devcode * * * ^^ D E V C O D E ^^ * * Windows DNS DnssrvQuery() Stack Overflow * [CVE-2007-1748] * * * Description: * A vulnerability has been reported in Microsoft Windows, which can * be exploited by malicious people to compromise a vulnerable system * The vulnerability is caused due to a bo ...

Nmap Scripts

smb-vuln-ms07-029

Detects Microsoft Windows systems with Dns Server RPC vulnerable to MS07-029.

nmap --script smb-vuln-ms07-029.nse -p445 <host>
nmap -sU --script smb-vuln-ms07-029.nse -p U:137,T:139 <host>

Host script results:
| smb-vuln-ms07-029:
|   VULNERABLE:
|   Windows DNS RPC Interface Could Allow Remote Code Execution (MS07-029)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2007-1748
|       A stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in
|       Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to
|       execute arbitrary code via a long zone name containing character constants represented by escape sequences.
|
|     Disclosure date: 2007-06-06
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1748
|_      https://technet.microsoft.com/en-us/library/security/ms07-029.aspx