Lucene search

K
zdiNabeel Ahmed and Eric Schayes from Dimension DataZDI-18-166
HistoryFeb 21, 2018 - 12:00 a.m.

Microsoft Windows SMB Client Improper Initialization Denial of Service Vulnerability

2018-02-2100:00:00
Nabeel Ahmed and Eric Schayes from Dimension Data
www.zerodayinitiative.com
14

EPSS

0.025

Percentile

90.4%

This vulnerability allows remote attackers to deny service to vulnerable installations of Microsoft Windows. In some cases, user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file, but attack vectors may vary depending on the implementation. The specific flaw exists within the mrxsmb.sys driver. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to deny access to the target system.