Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MS06-040: Server Service - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-040: Server Service
MS06-040 - KB921883

CRITICAL

This fixes a buffer overrun in the server service in Windows that allows for remote code execution.

The suggested workaround is to block port 139/tcp and 445/tcp with a firewall.

This sounds like it could be developed into a worm or used as a second stage once it's behind a corporate fireewall.

CVE-2006-3439

--
Swa Frantzen -- section 66


Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!