Skip to main content

Microsoft SMB Client Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 10 Feb 2010 5197 Views

RISK: Medium Risk

1. SMB Client Pool Corruption Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could take complete control of the system.

2. SMB Client Race Condition Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to client-initiated SMB request. An attacker who successfully exploited this vulnerability could take complete control of the system.

On Windows Vista and Windows Server 2008, this vulnerability could result in an elevation of privilege vulnerability due to the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB negotiate responses. An attacker who successfully exploited this vulnerability could run arbitrary code with system-level privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials and be able to log on locally to elevate privileges in this manner.

This vulnerability could also result in a denial of service. An attempt to exploit the vulnerability in this manner would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could cause the computer to stop responding until restarted.