4.11.26. WebClient service

The WebClient service runs one RPC service, available on the following endpoint:

Y:\>ifids -p ncacn_np -e "\pipe\DAV RPC SERVICE" \\.
Interfaces: 1
  c8cb7687-e6d3-11d2-a958-00c04f682e16 v1.0

Table 4.104. davclntrpc operations

InterfaceOperation numberOperation name
c8cb7687-e6d3-11d2-a958-00c04f682e16 v1.0: davclntrpc  
 0x00DavrCreateConnection
 0x01DavrDoesServerDoDav
 0x02DavrIsValidShare
 0x03DavrEnumNetUses
 0x04DavrEnumShares
 0x05DavrEnumServers
 0x06DavrGetConnection
 0x07DavrDeleteConnection
 0x08DavrGetUser
 0x09DavrConnectionExist
 0x0aDavrWinlogonLogonEvent
 0x0bDavrWinlogonLogoffEvent
 0x0cDavrGetDiskSpaceUsage
 0x0dDavrFreeUsedDiskSpace
 0x0eDavrGetTheLockOwnerOfTheFile

In February 2006, a security vulnerability discovered by Kostya Kortchinsky was fixed by Microsoft in the MS06-008 security bulletin [47]. It can be exploited (with valid user credentials) using the DavrCreateConnection operation (opnum 0) of the davclntrpc interface.