SMB: IPC Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Server Message Block (SMB). Attackers can send malicious SMB packets that can allow them to take complete control of the affected system.

Extended Description

Microsoft SMB is susceptible to a remote buffer overflow vulnerability. The issue arises because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Remote attackers may exploit this vulnerability to execute arbitrary machine code in the context of the kernel, which contains the vulnerable code. Microsoft has stated that other attack vectors may exist, in the form of passing malicious parameters to the affected component, either locally or remotely. Failed exploit attempts will likely crash the affected computer, denying service to legitimate users.

Affected Products

Microsoft windows_xp_media_center_edition

Short Name
SMB:OF:SMB-IPC-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
Buffer CVE-2005-1206 CVE-2012-1852 CVE-2012-1853 IPC Overflow bid:13942 bid:54931 bid:54940
Release Date
06/14/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Microsoft

CVSS Score

7.5

10.0
