iPolicy Networks Security Advisory
 

Microsoft SMB Client Pool Remote Code Execution Vulnerability

Date Discovered: 02/09/2009
Severity: High
Operating System: Microsoft Windows 2000
Microsoft Windows XP SP2
Microsoft Windows 2003
Applications Affected: SMB Client
Type: Remote
Identifiers: CVE-2010-0016
Synopsis
The Microsoft SMB client is prone to a remote code execution vulnerability in the way that the SMB client receives a malformed response from the server. After successful exploitation, a remote attacker can execute arbitrary code in the security context of the logged-in user.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/bulletin/ms10-006.mspx
Threat Analysis
The Server Message Block (SMB) protocol is a network file sharing protocol. SMB operates as an application-layer network protocol, mainly used to provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network.

The SMB client is prone to a remote code execution vulnerability. The vulnerability exists when the client receives a malformed response from a malicious SMB server and does not allocate sufficient memory for later storage. Successful exploitation allows a remote attacker to execute arbitrary code in the security context of the logged-in user.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0016

Write-up by: Gaurav Bajpai