CVE-2009-0568

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue is related to the RPC Marshalling Engine, which does not properly maintain its internal state. This allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message, potentially leading to the execution of arbitrary code and complete control of an affected system. The vulnerability is related to IDL interfaces containing a non-conformant varying array and specific flags such as FC SMVARRAY, FC LGVARRAY, FC VARIABLE REPEAT, and FC VARIABLE OFFSET. An attacker who successfully exploits this issue could install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2, update to a version that includes the fix for the RPC Marshalling Engine issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.