- Jan 24, 2011
On the Full Disclosure mailing list, an unknown contributor has disclosed a previously unknown security problem involving files shared via SMB under Windows. A buffer overflow in the heap can be exploited to inject arbitrary code into a system and execute it. The contributor also provided suitable code to demonstrate the problem.
Security firms Vupen and Secunia have confirmed the threat; they were able to reproduce the problem on Windows XP SP3 and Windows Server 2003 SP2. The flaw can be exploited remotely by using overly long server name strings sent in a specially crafted "Browser Election Request" packet. The buffer overflow is triggered via the BowserWriteErrorLogEntry() function in the mrxsmb.sys driver. No user authentication at the server is required.
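A detection-side check for the malformed packet described above, as an added example that is not part of the original post: it inspects a browser frame (the payload left after the mailslot transport headers are stripped) and flags an election request whose server name is over-long or unterminated. The field layout, the opcode 0x08 and the 16-byte name limit are assumptions taken from the MS-BRWS description of the RequestElection frame; the function names and sample frames are constructed for illustration.

```python
import struct

# Assumed RequestElection layout (MS-BRWS): OpCode(1)=0x08, Version(1),
# Criteria(4), UpTime(4), Unused(4), then a NUL-terminated ASCII ServerName.
OP_REQUEST_ELECTION = 0x08
HEADER = struct.Struct("<BBIII")   # 14 bytes of fixed fields
MAX_SERVER_NAME = 16               # assumed limit, including the terminating NUL


def check_election_frame(frame: bytes) -> list:
    """Return findings for one browser frame; an empty list means nothing to flag."""
    if not frame or frame[0] != OP_REQUEST_ELECTION:
        return []                  # not an election request, out of scope
    if len(frame) < HEADER.size + 1:
        return ["truncated RequestElection frame"]

    name_field = frame[HEADER.size:]
    findings = []
    nul = name_field.find(b"\x00")
    if nul == -1:
        # No terminator: a receiver that trusts the string would read past it.
        findings.append("ServerName not NUL-terminated (%d bytes)" % len(name_field))
        name = name_field
    else:
        name = name_field[:nul]

    if len(name) + 1 > MAX_SERVER_NAME:
        findings.append("ServerName length %d exceeds %d-byte limit"
                        % (len(name) + 1, MAX_SERVER_NAME))
    if any(b < 0x20 or b > 0x7E for b in name):
        findings.append("ServerName contains non-printable bytes")
    return findings


def build_sample(name: bytes, terminate: bool = True) -> bytes:
    """Constructed test frame: fixed fields zeroed, Version set to 1."""
    tail = b"\x00" if terminate else b""
    return HEADER.pack(OP_REQUEST_ELECTION, 1, 0, 0, 0) + name + tail


if __name__ == "__main__":
    for label, frame in [("normal", build_sample(b"WORKSTATION01")),
                         ("over-long", build_sample(b"A" * 40))]:
        print(label, check_election_frame(frame))
```

The same length test can be expressed as a network IDS rule on the browser datagram traffic; the Python form is only meant to make the condition explicit.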