Intrusion Prevention

MS.Windows.Mailslot.Heap.Overflow

Description

This indicates an attempt to exploit a heap-based buffer overflow in the Server Service (SRV.SYS driver) in several Microsoft Windows versions.
The service fails to properly validate user-supplied input before copying it into an internal buffer. Remote attackers can potentially execute arbitrary code through first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages.

Affected Products

Microsoft Windows 2000
Windows XP
Windows Server 2003
Microsoft Windows XP Tablet PC Edition SP1-SP2
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP1-SP2
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP1-SP2
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP1-SP2
Microsoft Windows XP Home
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows 2000 Server SP1-SP4
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional SP1-SP4
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP1-SP4
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP1-SP4
Microsoft Windows 2000 Advanced Server

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the patch available from the Microsoft website:
http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx

CVE References

CVE-2006-1314
