CVE-2007-1748

Name of the Vulnerable Software and Affected Versions: Microsoft Windows 2000 Server version SP 4 Microsoft Windows Server 2003 versions SP 1 through SP 2

Description: A stack-based buffer overflow issue exists in the RPC interface of the Domain Name System (DNS) Server Service. This allows remote attackers to execute arbitrary code by sending a long zone name that contains character constants represented by escape sequences.

Recommendations: For Microsoft Windows 2000 Server SP 4, update the DNS Server Service to a version that includes the fix for this issue. For Microsoft Windows Server 2003 SP 1 and SP 2, update the DNS Server Service to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the DNS Server Service RPC interface until a patch is available.