Strike ID: E19-0bdt2
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive: t
Variants: 32
Year: 2017

Description

This strike attempts to recreate a sequence of packets correlated with a buffer overflow vulnerability in the Microsoft Windows SMBv1 service. Affected versions include Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold releases 1511 and 1607, and Windows Server 2016. The vulnerability is due to insufficient sanitization of user-supplied input while processing SMB_COM_TRANSACTION_SECONDARY requests. A remote, unauthenticated attacker could exploit this vulnerability with a specially crafted SMB packet containing bad values for DataCount and DataDisplacement for the specified SMB packet type. Successful exploitation leads to arbitrary code execution on the target system. A failed exploitation attempt usually leads to a denial-of-service condition on the targeted SMB server.
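A defender-side consistency check for the fields named above, added here as an example and not part of the strike or of any vendor code. It assumes the MS-CIFS layout of an SMB_COM_TRANSACTION_SECONDARY request (command 0x26, eight 16-bit parameter words) and treats "bad values" as a fragment that falls outside the announced total or outside the message; the function names and the sample messages are constructed.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION_SECONDARY = 0x26   # command code per MS-CIFS
HEADER_LEN = 32                        # fixed SMBv1 header size
WORDS_FMT = "<8H"                      # eight little-endian USHORT words
MIN_LEN = HEADER_LEN + 1 + 16 + 2      # header, WordCount, words, ByteCount


def check_trans_secondary(msg):
    """Return findings for one SMBv1 message (NetBIOS framing removed)."""
    if len(msg) < HEADER_LEN + 1 or msg[:4] != SMB1_MAGIC:
        return ["not-smb1"]
    if msg[4] != SMB_COM_TRANSACTION_SECONDARY:
        return []                      # other commands are out of scope here
    if msg[HEADER_LEN] != 8 or len(msg) < MIN_LEN:
        return ["malformed-parameter-block"]
    (total_param, total_data, param_count, _param_off, param_disp,
     data_count, data_off, data_disp) = struct.unpack_from(
        WORDS_FMT, msg, HEADER_LEN + 1)
    findings = []
    # A fragment must land inside the total size the transaction announced.
    if data_disp + data_count > total_data:
        findings.append("data-fragment-exceeds-total")
    if param_disp + param_count > total_param:
        findings.append("param-fragment-exceeds-total")
    # The fragment bytes must actually be present in this message.
    if data_count and data_off + data_count > len(msg):
        findings.append("data-outside-message")
    return findings


def build_sample(total_data, data_count, data_disp):
    """Constructed test message: zeroed header fields and zero-filled data."""
    header = SMB1_MAGIC + bytes([SMB_COM_TRANSACTION_SECONDARY]) + bytes(27)
    words = struct.pack(WORDS_FMT, 0, total_data, 0, 0, 0,
                        data_count, MIN_LEN, data_disp)
    return (header + bytes([8]) + words
            + struct.pack("<H", data_count) + bytes(data_count))


if __name__ == "__main__":
    for args in [(100, 40, 60), (100, 40, 80)]:
        print(args, check_trans_secondary(build_sample(*args)))
```

A check like this belongs in an IDS decoder or protocol-aware proxy in front of hosts that still expose SMBv1; it flags inconsistent fragments and does not replace patching or disabling SMBv1.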
