CVE-2010-2567

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2

Description The issue is related to the RPC client implementation, which does not properly allocate memory during the parsing of responses. This allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response. An unauthenticated remote code execution vulnerability exists in the way that the Remote Procedure Call (RPC) client implementation allocates memory when parsing specially crafted RPC responses. An attacker who successfully exploited this issue could execute arbitrary code and take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows XP versions SP2 through SP3, update to a version that includes the fix for this issue. For Microsoft Windows Server 2003 version SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to RPC services to minimize the risk of exploitation.