Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability

Microsoft Windows is prone to a remote code-execution vulnerability when processing the protocol headers for the Server Message Block (SMB) Negotiate Protocol Request.

NOTE: Reportedly, for this issue to be exploitable, file sharing must be enabled.

An attacker can exploit this issue to execute code with SYSTEM-level privileges; failed exploit attempts will likely cause denial-of-service conditions.

Windows 7 RC, Vista and 2008 Server are vulnerable; other versions may also be affected.

NOTE: Reportedly, Windows XP and 2000 are not affected.

UPDATE (September 9, 2009): Symantec has confirmed the issue on Windows Vista SP1 and Windows Server 2008.


 

Privacy Statement
Copyright 2010, SecurityFocus