
Zero-Day Microsoft Windows SMB Buffer Overflow Vulnerability


(Microsoft Security R&D Blog Entry, VUPEN/ADV-2011-0394, CVE-2011-0654)

Summary


A heap buffer overflow vulnerability has been reported in the Microsoft Windows Server Message Block (SMB) implementation. A remote attacker may exploit this vulnerability to create a denial of service condition or take complete control of a vulnerable system.

Details

The Server Message Block protocol is a network file sharing protocol that is implemented in Microsoft Windows.

The vulnerability is due to a heap overflow error in the "BowserWriteErrorLogEntry()" function within the Windows NT "mrxsmb.sys" driver when processing malformed Browser Election requests. A remote attacker could exploit this flaw by constructing a specially crafted Browser Election request and sending it to a target server. Successful exploitation of this vulnerability could cause the affected system to crash and might result in arbitrary code execution with elevated privileges.

Affected Products


This issue affects Microsoft Windows XP Service Pack 3 and Microsoft Windows Server 2003 Service Pack 2.

Solution


Check Point IPS Software Blade and NGX SmartDefense provide network protection against this vulnerability in the latest IPS update by detecting and blocking Browser Election requests that attempt to exploit it. For more information see CPAI-2011-018.
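
As an added example (not Check Point's signature and not code from this advisory), the following is a conformance check that an inspection tool could run on the body of a Browser Election request before it reaches a host. The opcode 0x08, the 14-byte fixed header layout and the 16-byte server name limit are assumptions taken from the MS-BRWS protocol specification. The advisory does not state which field is malformed, so the check only flags frames that break the specification.

```python
import struct

# Assumptions (from MS-BRWS, not from the advisory):
ELECTION_OPCODE = 0x08   # RequestElection browser frame opcode
FIXED_LEN = 14           # opcode(1) + version(1) + criteria(4) + uptime(4) + unused(4)
MAX_NAME_LEN = 16        # server name limit, including the NUL terminator


def check_election_frame(frame: bytes) -> list:
    """Return conformance problems; an empty list means the frame is well-formed."""
    if len(frame) < 1 or frame[0] != ELECTION_OPCODE:
        return ["not an election request"]
    if len(frame) < FIXED_LEN + 1:
        return ["truncated: fixed header or server name missing"]
    problems = []
    name_field = frame[FIXED_LEN:]
    nul = name_field.find(b"\x00")
    if nul < 0:
        # No terminator: a parser using strlen-style scanning would run off the end.
        problems.append("server name is not NUL-terminated")
        name = name_field
    else:
        name = name_field[:nul]
        if len(name_field) > nul + 1:
            problems.append("trailing bytes after server name")
    if len(name) + 1 > MAX_NAME_LEN:
        problems.append(
            f"server name is {len(name) + 1} bytes, limit is {MAX_NAME_LEN}")
    if any(b < 0x20 or b > 0x7E for b in name):
        problems.append("server name contains non-printable bytes")
    return problems


def build_frame(name: bytes, terminate: bool = True) -> bytes:
    """Build a constructed sample frame body for exercising the check."""
    header = struct.pack("<BBIII", ELECTION_OPCODE, 1, 0, 0, 0)
    return header + name + (b"\x00" if terminate else b"")


if __name__ == "__main__":
    # Constructed samples, not captured traffic.
    samples = [build_frame(b"WORKSTATION01"),
               build_frame(b"FILESERVER-BUILDING-7-EAST"),
               build_frame(b"HOST", terminate=False)]
    for sample in samples:
        print(check_election_frame(sample) or "ok")
```

A frame that fails any of these checks is a candidate for dropping and logging at the network boundary.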

 

Originally Published:

Last Updated: 17-Feb-2011
