SMB: Microsoft TAPI Service Overflow
This signature detects attempts to exploit a known vulnerability in Microsoft's TAPI Service. A remote code execution vulnerability exists in Telephony Application Programming Interface (TAPI) that can allow an attacker, who successfully exploited this vulnerability, to take complete control of the affected system.
Extended Description
Microsoft Windows Telephony Service is prone to a buffer-overflow vulnerability. This issue is due to a failure in the application to perform proper bounds checking on user-supplied data. A successful attack can result in overflowing a finite-sized buffer, ultimately leading to arbitrary code execution in the context of the affected service. This may allow the attacker to execute arbitrary code remotely or locally to gain elevated privileges. Remote code execution is possible only on Windows 2000 Server and Windows Server 2003; for other vulnerable platforms, the attacker must have local interactive access.
Affected Products
Microsoft windows_2000_server
References
BugTraq: 14518
CVE: CVE-2005-0058
URL: http://www.microsoft.com/technet/Security/bulletin/ms05-040.mspx
Short Name
SMB:OF:TAPI-SVC-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
CVE-2005-0058 Microsoft Overflow Service TAPI bid:14518
Release Date
08/09/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5