Skip to main content

Microsoft SMB Client Could Allow Remote Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 14 Apr 2010 5365 Views

RISK: Medium Risk

1. SMB Client Incomplete Response Vulnerability

A denial of service vulnerability exists in the way that the Microsoft Server Message Block (SMB) client implementation handles specially crafted SMB responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could cause the computer to stop responding until restarted.

2. SMB Client Memory Allocation Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB) client implementation allocates memory when parsing specially crafted SMB responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3. SMB Client Transaction Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB) client implementation handles specially crafted SMB transaction responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could take complete control of the system.

4. SMB Client Response Parsing Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB) client implementation parses specially crafted SMB transaction responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could take complete control of the system.

5. SMB Client Message Size Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB) client implementation handles specially crafted SMB responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could take complete control of the system.