CVE-2010-3222

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2

Description The issue is related to a stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS). It allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client. This could enable an authenticated user to access resources running in the context of the NetworkService account.

Recommendations For Microsoft Windows XP versions SP2 through SP3, update to a version that includes the fix for this issue. For Microsoft Windows Server 2003 version SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the RPCSS to minimize the risk of exploitation.