Signature Detail

SMB: Microsoft Windows SMB Client Transaction Response Buffer Overflow

A remote code execution vulnerability exists in Microsoft Windows SMB Client. The vulnerability is due to improper validation of certain fields when handling SMB transaction responses. Remote unauthenticated attackers could exploit this vulnerability by enticing a user to connect to a malicious SMB server and sending a specially crafted SMB response to the target machine. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the operating system kernel. Code injection that does not result in execution could crash the target system, and result in a Denial of Service condition.

Extended Description

Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability. An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.

Affected Products

• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Enterprise Edition
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Windows 7 for 32-bit Systems
• Microsoft Windows 7 for x64-based Systems
• Microsoft Windows Server 2008 for Itanium-based Systems R2
• Microsoft Windows Server 2008 for x64-based Systems R2
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 1005R
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 202I
• Nortel Networks CallPilot 600R
• Nortel Networks CallPilot 703T
• Nortel Networks Contact Center Administration
• Nortel Networks Contact Center Administration CCMA 6.0
• Nortel Networks Contact Center Administration CCMA 7.0
• Nortel Networks Contact Center Administration CCMA 7.1
• Nortel Networks Contact Center Express 7.1
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Manager
• Nortel Networks Contact Center Manager Server 6.0
• Nortel Networks Contact Center Manager Server 7.0
• Nortel Networks Contact Center Manager Server 7.1
• Nortel Networks Contact Center Manager Server
• Nortel Networks Contact Center NCC
• Nortel Networks Contact Center - TAPI Server
• Nortel Networks ENSM - Enterprise NMS 10.4
• Nortel Networks ENSM - Enterprise NMS 10.5
• Nortel Networks ENSM IP Address Manager
• Nortel Networks Symposium Agent

References

• BugTraq: 39339
• CVE: CVE-2010-0270