SMTP: Microsoft Windows Private Communications Transport Protocol Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Microsoft Windows SMTP Service. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Various Microsoft Windows operating systems are prone to a remotely exploitable stack-based buffer overrun via the PCT (Private Communications Transport) protocol. Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system, resulting in full system compromise. The vulnerability may also reportedly be exploitable by a local user who passes malicious parameters to the vulnerable component interactively or through another application. This issue is reported to affect only systems that have SSL enabled, such as web servers, but could also affect Windows 2000 Domain Controllers under some circumstances. On Windows Server 2003, PCT must be manually enabled in addition to SSL support for the system to be affected. Reportedly, both PCT 1.0 and SSL 2.0 must be enabled for successful exploitation. The DeepSight Threat Analysis team has observed exploit activity in the wild associated with this vulnerability.

Affected Products

Avaya s8100_media_servers, Microsoft windows_nt_terminal_server

References

BugTraq: 10116

CVE: CVE-2003-0719

Short Name
SMTP:IIS:SSL-PCT-OF
Severity
Major
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
Buffer CVE-2003-0719 Communications Microsoft Overflow Private Protocol Transport Windows bid:10116
Release Date
06/10/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Occasionally
Vendors

Microsoft

Avaya

CVSS Score

7.5
