SMB: DLL File Transfer
This signature detects Microsoft Windows Dynamically Link Libraries (DLL's) transferred via the Server Message Block (SMB) protocol. Vulnerabilities in Microsoft Windows allow an attacker to reference a malicious remote DLL file (using an SMB URI) through a Web page that when the page is accessed overwrites a local DLL, resulting in arbitrary code execution.
Extended Description
Microsoft Windows is prone to an arbitrary-code-execution vulnerability that affects the Data Access Component. Attackers can exploit this vulnerability to execute arbitrary code in the context of the user running the vulnerable application.
Affected Products
Avaya messaging_application_server,Avaya communication_server_1000_telephony_manager
References
BugTraq: 49026 52036 49353 53011 42654 65745 52375
CVE: CVE-2015-6132
URL: https://www.microsoft.com/technet/security/advisory/2269637.mspx https://technet.microsoft.com/en-us/library/security/ms15-132 https://www.securify.nl/advisory/sfy20150801/com__services_dll_side_loading_vulnerability.html http://technet.microsoft.com/en-us/security/bulletin/ms12-022
Short Name
SMB:FILE:DLL-TRANSFER
Severity
Major
Recommended
False
Recommended Action
None
Category
SMB
Keywords
CVE-2011-0107 CVE-2011-0108 CVE-2011-1975 CVE-2011-1991 CVE-2011-3190 CVE-2012-0008 CVE-2012-0016 CVE-2012-0756 CVE-2012-1241 CVE-2012-1849 CVE-2012-2519 CVE-2015-1758 CVE-2015-6132 DLL File Transfer bid:42654 bid:49026 bid:49353 bid:52036 bid:52375 bid:53011 bid:65745
Release Date
09/02/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3680
False Positive
Frequently
Vendors
Microsoft
Avaya
CVSS Score
9.3
6.9
10.0
7.9
7.5