TippingPoint Zero Day Initiative
 

Microsoft Windows SMB Out-Of-Bounds Read Denial of Service Vulnerability

ZDI-17-843: October 10th, 2017

CVE ID

CVSS Score

Affected Vendors

Affected Products

    Windows

TippingPoint™ IPS Customer Protection

TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 29694. For further product information on the TippingPoint IPS:

Vulnerability Details


This vulnerability allows remote attackers to create a denial-of-service on vulnerable installations of Microsoft Windows. Authentication is required to exploit this vulnerability, assuming the product is in its default configuration.

The specific flaw exists within the srv driver. A crafted request to an SMB share can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system.

Vendor Response

Microsoft has issued an update to correct this vulnerability. More details can be found at:

Disclosure Timeline

    2017-07-27 - Vulnerability reported to vendor
    2017-10-10 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:
    pesante