Strike ID: E19-0bdw1
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive: t
Variants: 4
Year: 2017

Description

This strike attempts to recreate a sequence of packets correlated with a heap buffer overflow vulnerability in the Microsoft Windows SMBv1 service. Affected versions include Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold releases 1511 and 1607, and Windows Server 2016. The vulnerability is due to insufficient sanitization of user-supplied input passed to the SrvOs2FeaToNt method. A remote, unauthenticated attacker could exploit this vulnerability via a specially crafted SMB packet containing bad values for Max Parameter Count and Max Data Count in the Trans Request header. Successful exploitation leads to arbitrary code execution on the target system. A failed exploitation attempt usually leads to a denial-of-service condition on the targeted SMB server.

NOTE: The strike exemplifies only the scanning phase, prior to the actual attack. The vulnerability indicator is usually a Trans Response packet with the Error Status of STATUS_INSUFF_SERVER_RESOURCES. For generating traffic containing ShadowBrokers shellcode, please see the strike for CVE-2017-0146.
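A detection-side check for the indicator named in the note, as an added example that is not part of the original strike description: it parses the fixed 32-byte SMBv1 header of a NetBIOS-framed message and flags a Trans response whose status is STATUS_INSUFF_SERVER_RESOURCES (NTSTATUS 0xC0000205). The function names and the sample frames are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION = 0x25                   # SMBv1 "Trans" command code
SMB_FLAGS_REPLY = 0x80                       # Flags bit set on server responses
STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205  # NTSTATUS value of the indicator


def parse_smb1_header(frame):
    """Return (command, nt_status, is_reply) for a NetBIOS-framed SMBv1
    message, or None if the frame is truncated or not SMBv1."""
    if len(frame) < 4 + 32 or frame[0] != 0x00:  # 0x00 = session message
        return None
    length = int.from_bytes(frame[1:4], "big")   # direct-TCP framing length
    smb = frame[4:4 + length]
    if len(smb) < 32 or smb[:4] != SMB1_MAGIC:
        return None
    # Offset 4: Command (1 byte), Status (4 bytes LE), Flags (1 byte)
    command, status, flags = struct.unpack_from("<BIB", smb, 4)
    return command, status, bool(flags & SMB_FLAGS_REPLY)


def is_scan_indicator(frame):
    """True for a Trans response carrying STATUS_INSUFF_SERVER_RESOURCES."""
    hdr = parse_smb1_header(frame)
    if hdr is None:
        return False
    command, status, is_reply = hdr
    return (is_reply and command == SMB_COM_TRANSACTION
            and status == STATUS_INSUFF_SERVER_RESOURCES)


def build_frame(command, status, flags, magic=SMB1_MAGIC):
    """Constructed sample: bare header plus empty parameter/data blocks."""
    smb = magic + struct.pack("<BIB", command, status, flags) + bytes(22)
    smb += b"\x00" + b"\x00\x00"                 # WordCount=0, ByteCount=0
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


if __name__ == "__main__":
    samples = {  # constructed frames, not captured traffic
        "trans response, insufficient resources": build_frame(0x25, 0xC0000205, 0x98),
        "trans response, success": build_frame(0x25, 0x00000000, 0x98),
        "trans request": build_frame(0x25, 0x00000000, 0x18),
        "negotiate response": build_frame(0x72, 0x00000000, 0x98),
    }
    for name, frame in samples.items():
        print(f"{name}: {is_scan_indicator(frame)}")
```
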
