Buffer overflow vulnerability in Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Microsoft WindowsID: oval:org.secpod.oval:def:584 | Date: (C)2011-03-31 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
The host is installed with Microsoft Windows and is prone to buffer overflow vulnerability. A flaw is present in BowserWriteErrorLogEntry function in Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys, which fail to properly handle malicious browser election request packets containing an overly long server name string. Successful exploitation allow man-in-the-middle attackers to insert commands in encrypted SMTP sessions.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Vista |
Microsoft Windows XP |