Saturday, July 12, 2003

MS03-024

Microsoft released MS03-024: Buffer Overrun in Windows Could Lead to Data Corruption (817606). From the technical details, "By sending a specially crafted SMB packet request, an attacker could cause a buffer overrun to occur. If exploited, this could lead to data corruption, system failure, or—in the worst case—it could allow an attacker to run the code of their choice. An attacker would need a valid user account and would need to be authenticated by the server to exploit this flaw." I wonder of this is one of the vulnerabilities mentioned by Jeremy Allison of the Samba team on Slashdot last April?

No comments: