Intrusion Prevention

MS.Windows.SMB.DCERPC.NTLMSSP.Attempt

Description

This indicates an attempt to exploit a buffer overflow vulnerability in Microsoft's Abstract Syntax Notation One (ASN.1) Library.
The vulnerability is due to unchecked buffers in Microsoft's ASN.1 Library. A remote attacker can exploit them to launch a Denial of Service (DoS) attack on a target system, by sending a malformed NETBIOS message to TCP port 139 or 445.

Affected Products

Any unprotected Windows (Windows NT, 2000, XP, 2003) system is vulnerable to the attack.

Impact

Denial of Service.
System compromise: arbitrary code execution.

Recommended Actions

Apply appropriate patches or upgrade the system to the latest non-vulnerable version.