Windows 0-day SMB mrxsmb.dll vulnerability
A new vulnerability has been discovered exploiting SMB component of Windows. The attack involves sending of malformed Browser Election requests leading the heap overflow within the mrxsmb.dll driver. The vulnerability is known to be able to cause DoS and fully control of vulnerable machines. Proof of concept code for DoS had been released. There are reports that this exploit only work on local network segment (this hasn't been verified).
The general practice of block port 137, 138, 139 and 445 should be observed especially with this 0-day.
More information on this exploit
http://www.vupen.com/english/advisories/2011/0394
Update: MS SRD has posted a blog on this vulnerability stating that remote exploit leading to code execution is highly unlikely.
Application Security: Securing Web Apps, APIs, and Microservices | San Francisco | Nov 18th - Nov 23rd 2024 |
Comments
A query
Feb 16th 2011
1 decade ago
Jason
Feb 16th 2011
1 decade ago
Dana Taylor
Feb 16th 2011
1 decade ago
Hal
Feb 16th 2011
1 decade ago
xanda
Feb 17th 2011
1 decade ago
Analysis from Microsoft suggests that Remote Code Execution is unlikely (Exploitability Index (XI) rating of ‘3’ – Functioning exploit code unlikely.):
http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx
http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx
Andy
Feb 17th 2011
1 decade ago
Dave
Feb 17th 2011
1 decade ago
Jim
Feb 18th 2011
1 decade ago
Bill
Feb 18th 2011
1 decade ago