Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability
This question was answered on July 1, 2005. Much of the information contained herein may have changed since posting.
Microsoft SMB is susceptible to a remote buffer overflow vulnerability This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.
Remote attackers may exploit this vulnerability to execute arbitrary machine code in the context of the kernel containing the vulnerable code Microsoft has stated that other attack vectors may exist, in the form of passing malicious parameters to the affected component, either locally or remotely.
Failed exploit attempts will likely crash the affected computer, denying service to legitimate users This vulnerability effects all current Windows operating systems and has been addressed by a Windows Hotfix.
For more information on this exploit, as well as the fix and prevention, click here.
About the author
Posted by Chad of Data Doctors on July 1, 2005