MSRPC vulnerabilities
Showing 1 - 18 of 18 CVEs
- CVE-2026-20931 Published Jan 13, 2026 (high 8.0)
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
- CVE-2026-20821 Published Jan 13, 2026 (medium 6.2)
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.
- CVE-2026-20805 Published Jan 13, 2026 (medium 5.5)
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
- CVE-2025-49760 Published Jul 8, 2025 (low 3.5)
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.
- CVE-2025-29969 Published May 13, 2025 (high 7.5)
Time-of-check time-of-use (TOCTOU) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.
- CVE-2025-26679 Published Apr 8, 2025 (high 7.8)
Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-26651 Published Apr 8, 2025 (medium 6.5)
Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
- CVE-2024-37079 Published Jun 18, 2024 (critical 9.8)
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
- CVE-2023-42669 Published Nov 6, 2023 (medium 6.5)
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
- CVE-2022-26925 Published May 10, 2022 (high 8.1)
Windows LSA Spoofing Vulnerability
- CVE-2022-26923 Published May 10, 2022 (high 8.8)
Active Directory Domain Services Elevation of Privilege Vulnerability
- CVE-2022-26809 Published Apr 15, 2022 (critical 9.8)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- CVE-2022-24528 Published Apr 15, 2022 (high 8.8)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- CVE-2022-24492 Published Apr 15, 2022 (high 8.8)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- CVE-2021-36958 Published Aug 12, 2021 (high 7.8)
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- CVE-2021-1678 Published Jan 12, 2021 (high 8.8)
Windows Print Spooler Spoofing Vulnerability
- CVE-2020-1383 Published Aug 17, 2020 (medium 5.5)
An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable. The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.
- CVE-1999-0524 Published Aug 1, 1997
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.