Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MS06-040: Server Service

Published: 2006-08-08
Last Updated: 2006-08-08 18:19:57 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
MS06-040 - KB921883

CRITICAL

This fixes a buffer overrun in the server service in Windows that allows for remote code execution.

The suggested workaround is to block port 139/tcp and 445/tcp with a firewall.

This sounds like it could be developed into a worm or used as a second stage once it's behind a corporate fireewall.

CVE-2006-3439

--
Swa Frantzen -- section 66


Keywords:
0 comment(s)
Diary Archives