Reported August 22, 2002, by Core Security Technologies.
· Windows XP Professional
· Windows 2000 Advanced Server
· Windows 2000 Server
· Windows 2000 Professional
· Windows NT Workstation 4.0
· Windows NT Server 4.0
· Windows NT Server 4.0, Terminal Sever Edition
An unchecked buffer exists in Microsoft’s Server Message Block (SMB) that can result in a remotely exploitable Denial of Service (DoS) condition on the vulnerable system. By sending a specially crafted packet to certain transactions of the SMB command SMB_COM_TRANSACTION, an attacker can halt the OS with a blue screen. You can find detailed information about this vulnerability on the discoverer’s Web site.
The vendor, Microsoft, has released Security Bulletin MS02-045 (Unchecked Buffer in Network Share Provider Can Lead to Denial of Service) to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the bulletin.
Discovered by Alberto Solino and Hernan Ochoa of Core Security Technologies.