Key Information Summary

Vulnerability Name: Windows SMB Client Transaction Response Handling Vulnerability
Release Date: 2005-02-08
Report Date: 2004-08-02
Severity: High (Allows remote code execution)
Vendor: Microsoft
Affected Systems: Windows 2000, Windows XP, Windows Server 2003

Summary: eEye Digital Security discovered a vulnerability in the Windows SMB client when processing SMB responses. A successful exploit allows an attacker to execute arbitrary code on the target system.

Technical Details:
- The MRXSMB.SYS driver is responsible for performing SMB client operations and handling responses from SMB servers.
- An attacker can craft malicious Transaction response data, triggering a buffer overflow, which ultimately leads to code execution on the victim machine.

Mitigation Measures:
- Retina - Network Security Scanner has been updated to detect this vulnerability.
- Blink - Endpoint Vulnerability Protection System is effective against this vulnerability.

Vendor Status: Microsoft has released a patch to fix this vulnerability. For details, see: http://www.microsoft.com/technet/security/bulletin/MS05-011.mspx

Discoverers: Yuji Ukai, Derek Soeder

Related Links:
- Retina - Network Security Scanner: http://www.eeye.com/html/products/retina/index.html
- Blink - Endpoint Vulnerability Protection: http://www.eeye.com/html/products/blink/index.html