Intrusion Prevention



This indicates a possible attempt to exploit a remote buffer-overflow vulnerability in Microsoft's SMB implementation.
The vulnerability is caused by an error in how the vulnerable software handles a malicious Trans or Trans2 command containing a malformed "file name". A remote attacker can exploit it to execute arbitrary code by sending a crafted SMB response packet.

Affected Products

Microsoft Windows 2000 SP3 and Microsoft Windows 2000 SP4
Microsoft Windows XP SP1 and Microsoft Windows XP SP2
Microsoft Windows XP 64-Bit Edition SP1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems


System compromise: Arbitrary code execution

Recommended Actions

Microsoft Security Bulletin MS05-011 was released to address this issue:

CVE References