Tag
#Windows Routing and Remote Access Service (RRAS)
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.
**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.
**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.
**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
**How could an attacker exploit this vulnerability?** An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.