Skip to main content

Microsoft SMB Server Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 10 Feb 2010 5397 Views

RISK: Medium Risk

1. SMB Pathname Overflow Vulnerability

An authenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attacker could exploit the vulnerability by sending a specially crafted network message to a system running the Server service as an authenticated user. While an attacker who successfully exploited this vulnerability could take complete control of the affected system, attempts to exploit this vulnerability will most probably result in a Denial of Service condition.

2. SMB Memory Corruption Vulnerability

A denial of service vulnerability exists in the way that in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service.

3. SMB Null Pointer Vulnerability

A denial of service vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB (SMB) packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could cause the computer to stop responding until restarted.

4.
SMB NTLM Authentication Lack of Entropy Vulnerability

An unauthenticated elevation of privilege vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles authentication attempts. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending large amounts of authentication requests to the SMB server. An attacker who successfully exploited this vulnerability could access the SMB service on the target user under the credentials of an authorized user.