Intrusion Prevention

MS.Windows.SMB.Handlers.Remote.Buffer.Overflow

Description

This indicates a possible attempt to exploit a remote buffer-overflow vulnerability in Microsoft's SMB implementation.
The vulnerability is caused by an error in how the vulnerable software handles a malicious Trans or Trans2 command containing a malformed "file name". A remote attacker can exploit it to execute arbitrary code by sending a crafted SMB response packet.

Affected Products

Microsoft Windows 2000 SP3 and Microsoft Windows 2000 SP4
Microsoft Windows XP SP1 and Microsoft Windows XP SP2
Microsoft Windows XP 64-Bit Edition SP1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems

Impact

System compromise: Arbitrary code execution

Recommended Actions

Microsoft Security Bulletin MS05-011 was released to address this issue:
http://www.microsoft.com/technet/security/bulletin/MS05-011.mspx

CVE References

CVE-2005-0045