Follow:

Vulnerability:Win/SMB.Server.RCE!CVE-2006-1314

Severity rating
Critical

Class/Type
Vulnerability

Discovered date
2006-07-11T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

There is a remote code execution vulnerability in the Server driver that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected system.



Technical details (analysis)

A Mailslot is a temporary mechanism utilized by applications and processes to facilitate unidirectional data transfer. An unchecked buffer exists in this service. An attacker could try to exploit the vulnerability by creating and sending a specially crafted network packet to an affected system. The network packet could then cause the affected system to execute code.



Affected software

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition



Non-affected software

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)



References




Solutions




NIS signature

Name: Vulnerability:Win/SMB.Server.RCE!CVE-2006-1314
Release Date: 2006-07-11T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Block TCP port 445 at the firewall.
To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall, which is included with Windows XP and with Windows Server 2003.
To help protect from network-based attempts to exploit this vulnerability, enable advanced TCP/IP filtering on systems that support this feature.
To help protect from network-based attempts to exploit this vulnerability, block the affected ports by using IPSec on the affected systems.