Intrusion Prevention

MS.SMB.Handlers.Remote.Buffer.Overflow

Description

This indicates a possible exploit of a remote buffer overflow vulnerability in Microsoft's SMB implementation.
The vulnerability is caused by an error when the vulnerable software handles
a malicious transaction responses for Trans or Trans2 commands . It allows a remote attacker to execute arbitrary code via sending a crafted smb Trans or Trans2 response packet.

Affected Products

Microsoft Windows 2003
Windows 2000
Windows XP.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site:
http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx

CVE References

CVE-2005-0045

Other References

1