
A Memory Corrupting Bug in Microsoft Windows

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service (DoS) on a vulnerable system.

Microsoft Windows fails to properly handle a crafted EMF file that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash in. Ethical Hackers Club confirmed the crash with fully-patched Windows 10 and Windows 8.1 client systems. We found that there are a number of ways to trigger a Windows system to connect to an SMB share, and some may require little to no user interaction. Exploit code for this vulnerability is publicly available.

A remote attacker may cause a denial of service (DoS) by causing a Windows system to connect to a malicious SMB share.
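For detection, the condition described above (bytes following the SMB2 TREE_CONNECT Response structure) can be checked on reassembled SMB traffic. The following is an added example, not code from the original post; the field offsets are taken from the SMB2 specification (MS-SMB2), and the function names and the constructed sample frame are assumptions made for illustration.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64               # fixed SMB2 packet header size
SMB2_TREE_CONNECT = 0x0003         # Command value
SMB2_FLAGS_SERVER_TO_REDIR = 0x1   # set on responses
TREE_CONNECT_RSP_LEN = 16          # StructureSize of the response body


def tree_connect_trailing_bytes(frame):
    """Return [(message_offset, extra_bytes)] for TREE_CONNECT responses in one
    Direct TCP frame whose body runs past the 16-byte response structure."""
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("not a Direct TCP session message")
    length = int.from_bytes(frame[1:4], "big")
    data = frame[4:4 + length]
    if len(data) != length:
        raise ValueError("truncated frame")
    findings, off = [], 0
    while off + SMB2_HEADER_LEN <= len(data):
        magic, hdr_size = struct.unpack_from("<4sH", data, off)
        if magic != SMB2_MAGIC or hdr_size != SMB2_HEADER_LEN:
            break
        (command,) = struct.unpack_from("<H", data, off + 12)
        flags, next_cmd = struct.unpack_from("<II", data, off + 16)
        # NextCommand is the offset to the next compounded message, 0 if last.
        end = off + next_cmd if next_cmd else len(data)
        if end > len(data) or end < off + SMB2_HEADER_LEN:
            break
        body = data[off + SMB2_HEADER_LEN:end]
        is_rsp = flags & SMB2_FLAGS_SERVER_TO_REDIR
        if (command == SMB2_TREE_CONNECT and is_rsp and len(body) >= 2
                and struct.unpack_from("<H", body)[0] == TREE_CONNECT_RSP_LEN
                and len(body) > TREE_CONNECT_RSP_LEN):
            findings.append((off, len(body) - TREE_CONNECT_RSP_LEN))
        if not next_cmd:
            break
        off = end
    return findings


def sample_frame(trailing=0):
    """Constructed TREE_CONNECT response (not captured traffic) plus padding."""
    hdr = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, SMB2_HEADER_LEN, 0, 0,
                      SMB2_TREE_CONNECT, 1, SMB2_FLAGS_SERVER_TO_REDIR, 0,
                      1, 0, 1, 1, b"\0" * 16)
    body = struct.pack("<HBBIII", TREE_CONNECT_RSP_LEN, 1, 0, 0, 0, 0x001F01FF)
    msg = hdr + body + b"\0" * trailing
    return b"\0" + len(msg).to_bytes(3, "big") + msg
```

A well-formed response yields an empty list; any non-empty result on client-bound traffic is worth alerting on, since a successful TREE_CONNECT response is exactly 80 bytes (64-byte header plus 16-byte body).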
