CVE-2008-3466 Information

Description

Microsoft Host Integration Server (HIS) 2000 2004 and 2006 does not limit RPC access to administrative functions which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function aka \HIS Command Execution Vulnerability.\

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745 http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/32233 http://www.securityfocus.com/bid/31620 http://www.securitytracker.com/id?1021043 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2810 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6075