OSVDB ID: 66976

Title: Microsoft Windows SMB Server Compounded Request Handling Stack Exhaustion Remote DoS

Info

Disclosure

Aug 10, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 10, 2010

Description

Microsoft Windows contains a flaw that may allow a denial of service. The issue is triggered when an error when handling Server Message Block (SMB) version 2 compounded requests can be exploited via a specially crafted SMB packet. It can cause a system running the Server service to stop responding.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS
Disclosure: Vendor Verified

Solution

Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	XP Professional
		2008 Server
		Vista
		7
		XP Home Edition
	Windows Server 2003	SP0

References

CVE ID: 2010-2552 (see also: NVD)
Secunia Advisory ID: 40935
SCIP VulDB ID: 4166
Related OSVDB ID: 66974 66975
Microsoft Knowledge Base Article: 982214
News Article: http://www.scmagazineus.com/microsoft-lists-four-of-its-record-14-patches-as-high-priority/article/176727/
Microsoft Security Bulletin: MS10-054

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/66976

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

Windows Server 2003

References

Credit