Secunia Advisory: SA31883
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Unpatched
OS: Microsoft Windows Vista
Description:
A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an input validation error in the processing of "WRITE_ANDX" packets within srv.sys. This can be exploited to cause an invalid memory access and crash the system via a specially crafted SMB packet.
Successful exploitation without valid user credentials requires network access to an interface that allows NULL Sessions (e.g. "\LSARPC" on Windows Vista).
The vulnerability is reported in Microsoft Windows Vista SP1. Other versions may also be affected.
Solution:
Restrict network access to the affected service.
Bollettino di Sicurezza
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Unpatched
OS: Microsoft Windows Vista
Description:
A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an input validation error in the processing of "WRITE_ANDX" packets within srv.sys. This can be exploited to cause an invalid memory access and crash the system via a specially crafted SMB packet.
Successful exploitation without valid user credentials requires network access to an interface that allows NULL Sessions (e.g. "\LSARPC" on Windows Vista).
The vulnerability is reported in Microsoft Windows Vista SP1. Other versions may also be affected.
Solution:
Restrict network access to the affected service.
Bollettino di Sicurezza