Buffer Overrun in Windows New

A security vulnerability exists in a networking components of Windows NT, 2000 and XP which could allow an attacker to execute code of their choice by sending a specially crafted SMB packet request.

Issue

Server Message Block (SMB) is the Internet Standard protocol that Windows uses to share files, printers, serial ports, and to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources, and servers make SMB responses in what’s described as a client server request-response protocol.

A flaw exists in the way that the server validates the parameters of an SMB packet. When a client system sends an SMB packet to the server system, it includes specific parameters that provide the server with a set of “instructions.” In this case, the server is not properly validating the buffer length established by the packet. If the client specifies a buffer length that is less than what is needed, it can cause the buffer to be overrun.

By sending a specially crafted SMB packet request, an attacker could cause a buffer overrun to occur. If exploited, this could lead to data corruption, system failure, or—in the worst case—it could allow an attacker to run the code of their choice. An attacker would need a valid user account and would need to be authenticated by the server to exploit this flaw.

Affected Products

• Microsoft Windows NT Server 4.0
• Microsoft Windows NT Server 4.0, Terminal Server Edition
• Microsoft Windows 2000
• Microsoft Windows XP

Download

Software patches are available from the following locations:

• Microsoft Windows NT Server 4.0
• Microsoft Windows NT Server 4.0, Terminal Server Edition
• Microsoft Windows 2000
• Microsoft Windows XP

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: July 10, 2003

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<