Back to search
CVE-2005-0045
Published: Feb 8, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:4043
vdb-entry
signature
x_refsource_OVAL
win-smb-code-execution(19089)
vdb-entry
x_refsource_XF
20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability
mailing-list
x_refsource_NTBUGTRAQ
oval:org.mitre.oval:def:1606
vdb-entry
signature
x_refsource_OVAL
12484
vdb-entry
x_refsource_BID
TA05-039A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:1889
vdb-entry
signature
x_refsource_OVAL
VU#652537
third-party-advisory
x_refsource_CERT-VN
oval:org.mitre.oval:def:1847
vdb-entry
signature
x_refsource_OVAL
20050309 Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability
mailing-list
x_refsource_BUGTRAQ
MS05-011
vendor-advisory
x_refsource_MS
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now