Intrusion Prevention

MS.Windows.SMB.Trans2.FINDFIRST2.Request

Description

It indicates a possible exploit of Remote Buffer Overflow Vulnerability in Microsoft SMB implementation.


SMB (Server Message Block) is a client server protocol used for file and printer sharing for Microsoft Windows and Unix-based operating systems. A vulnerability is reported in SMB implementation of Microsoft Windows that may allow an attacker to execute arbitrary code on the vulnerable system. This is due to SMB client driver MRXSMB.SYS failure to boundary check certain SMB server response packets. In order to exploit this an attacker may send malformed Transaction responses containing Trans or Trans2 commands with overly long file name and file name length field to a SMB client system to cause buffer overflow and leading to execution of arbitrary code on the vulnerable system.

Affected Products

Unpatched Microsoft Windows 2003, Windows 2000, and Windows XP.

Impact

Compromise of the affected system.

Recommended Actions

Apply security patch to the system as given in the Microsoft Security Bulletin MS05-011.

CVE References

CVE-2005-0045

Other References

1