Tuesday, September 08, 2009


The vulnerability was discovered by Laurent Gaffié. Here's the short description about the vulnerability:
SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionnality. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it’s used to identify the SMB dialect that will be used for futher communication.
Based on testing, Vista/2003/2008/Windows 7 (RC) are vulnerable to this exploit. However, Windows 2000/XP/Windows 7 (RTM) are NOT affected by this exploit.