In their currently published
/data/vulnerabilities/exploits/36299.py
there is line break error between lines 2 and 3.
Graham Perrin's List: code 49767 list 001
-
Sep 09, 09
Array index error in the SMB2 protocol implementation in srv2.sys in Microsoft Windows 7, Server 2008, and Vista Gold, SP1, and SP2 allows remote attackers to cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location.
-
Microsoft Windows 7, Server 2008, and Vista Gold, SP1, and SP2
-
denial of service (system crash)
-
-
-
ThreatCon is currently at Level 2: Elevated
-
remotely exploitable vulnerability affecting the SMB kernel component ('srv2.sys') of Windows Vista SP1 (and later) and possibly some versions of Windows 2008 and Windows 7
-
-
-
Add Sticky Noteexploit
-
-
-
-
SMB2 BSOD 0Day
-
Vista/2008/Windows 7
-
1 - 8 of 8
20 items/page
List Comments
(0)
List Info
8 items | 2 visits
* Microsoft Windows 7
* Microsoft Windows Vista
* Microsoft Windows Server 2008
-- please be aware of a recently reported zero day vulnerability affecting some versions. A denial-of-service attack on an affected system that has SMB2 enabled, for file sharing crashes the system with a BSoD (Blue Screen of Death).
In addition: the issue may be exploitable to achieve remote code execution.
Symantec Corp. ThreatCon is currently elevated (level 2 of 4).
Secunia Advisory SA36623 currently rates the vulnerability moderately critical (3 of 5).
U.S. National Vulnerability Database vulnerability CVE-2009-3103 will gain a completed summary in due course.
The following actions are advised:
* disable file sharing, unless it is explicitly required
* restrict access to TCP ports 139 and 445. - Graham Perrin on 2009-09-09