Microsoft Windows SMB Out-Of-Bounds Read Denial of Service Vulnerability

ID ZDI-17-843
Type zdi
Reporter pesante
Modified 2017-10-11T00:00:00


This vulnerability allows remote attackers to create a denial-of-service on vulnerable installations of Microsoft Windows. Authentication is required to exploit this vulnerability, assuming the product is in its default configuration.

The specific flaw exists within the srv driver. A crafted request to an SMB share can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system.