In association with heise online

16 February 2011, 12:23

New hole in Windows file sharing

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

On the Full Disclosure mailing list, an unknown contributor has disclosed a previously unknown security problem involving files shared via SMB under Windows. A buffer overflow in the heap can be exploited to inject arbitrary code into a system and execute it. The contributor also provided suitable code to demonstrate the problem.

Security firms Vupen and Secunia have confirmed the threat; they were able to reproduce the problem on Windows XP SP3 and Windows Server 2003 SP2. The flaw can be exploited remotely by using overly long server name strings sent in a specially crafted "Browser Election Request" packet. The buffer overflow is triggered via the BowserWriteErrorLogEntry() function in the mrxsmb.sys driver. No user authentication at the server is required.

Microsoft has not yet released a statement, let alone a patch. The best way of protecting systems is to place the access to shared Windows files behind a firewall. If you are connected to a network marked as "public", Windows Firewall already reliably does this.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit