Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microsoft
Published: 2008-10-15T00:00:00
Updated: 2018-10-12T19:57:01
Reserved: 2008-08-04T00:00:00
Link: CVE-2008-3466
JSON object: View
NVD Information
Status : Modified
Published: 2008-10-15T00:12:15.740
Modified: 2018-10-12T21:48:03.247
Link: CVE-2008-3466
JSON object: View
Redhat Information
No data.
CWE