Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1748

CWE-119Buffer Overflow9 documents5 sources
Severity
10.0CRITICAL
EPSS
84.0%
top 0.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows 2003 Server
Timeline
PublishedApr 13
Latest updateMay 1

Description

Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-vwph-hfgx-rhgf: Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP2022-05-01
CVEList
CVE-2007-1748: Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP2007-04-13
VulnCheck
Microsoft Windows Improper Restriction of Operations within the Bounds of a Memory Buffer2007

💥Exploits & PoCs

5
Exploit-DB
Microsoft DNS RPC Service - 'extractQuotedChar()' Remote Overflow 'SMB' (MS07-029) (Metasploit)2010-09-28
Exploit-DB
Microsoft DNS RPC Service - 'extractQuotedChar()' TCP Overflow (MS07-029) (Metasploit)2010-07-25
Exploit-DB
Microsoft Windows - DNS RPC Remote Buffer Overflow (2)2007-04-18
Exploit-DB
Microsoft Windows - DNS DnssrvQuery Remote Stack Overflow2007-04-15
Exploit-DB
Microsoft Windows Server 2000 SP4 - DNS RPC Remote Buffer Overflow2007-04-15
CVE-2007-1748 (CRITICAL CVSS 10) | Stack-based buffer overflow in the | cvebase.io