|
|
>> Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
|
Title : Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
Advisory ID : VUPEN/ADV-2008-2583
CVE ID : CVE-2008-4114
CWE ID : CWE-20
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-09-16
|
|
A vulnerability has been identified in Microsoft Windows Vista, which could be exploited by remote attackers to cause a denial of service. This issue is caused by an error within the "srv.sys" driver when processing malformed "WRITE_ANDX" SMB packets, which could be exploited by remote unauthenticated attackers to crash an affected system by sending malformed packets to an interface allowing NULL Sessions (e.g. "\LSARPC" on Windows Vista).
Credits
Vulnerability reported by Javier Vicente Vallejo.
ChangeLog
2008-09-16 : Initial release
Vulnerability Management
Subscribe to VUPEN Security VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@vupen.com. | |
|
