• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Internet Security Systems Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability

The Internet Security Systems (ISS) Protocol Analysis Module, included in multiple ISS products, is prone to a remotely exploitable heap overrun vulnerability. The issue exists in the SMB parsing routines provided by the module and is due to insufficient bounds checking of protocol fields.

This issue could potentially be exploited to execute arbitrary code on systems hosting the vulnerable software, potentially resulting in system compromise.