Information about a critical Microsoft Windows SMB browser election request parsing vulnerability turned up two days ago on the Full Disclosure mailing list, and further investigation into the matter led Secunia to rate it as “moderately critical”.
According to the company’s security advisory, the vulnerability affects various editions of Windows Server 2003 and Windows Storage Server 2003, and can be used by malicious users to orchestrate a denial of service or even compromise a vulnerable system.
“The vulnerability is caused due to an integer underflow error when processing a Browser Election request. This can be exploited to cause a buffer overflow via an overly long Server Name string sent in a specially crafted packet,” explains Secunia.
The flaw can be exploited from a local network, but requires the target system to be a Master Browser. There is currently no patch available, so users are advised to restrict access within a broadcast domain to trusted hosts only.
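A defender-side check for the condition Secunia describes, as an added example that is not part of the original article or of Secunia's advisory: it inspects a browser frame (already extracted from its mailslot datagram) and flags an election request whose Server Name is over-long or unterminated. The frame layout, the opcode value and the 16-byte name limit are assumptions taken from the public MS-BRWS specification, and the sample frames are constructed.

```python
import struct

# Assumed RequestElection layout (public MS-BRWS spec, not stated in the article):
# opcode(1)=0x08, version(1), criteria(4), uptime(4), unused(4), then a
# NUL-terminated server name of at most 16 bytes including the terminator.
OPCODE_REQUEST_ELECTION = 0x08
HEADER = struct.Struct("<BBIII")   # 14 bytes, little-endian
MAX_NAME_WITH_NUL = 16


def check_election_frame(frame: bytes) -> list[str]:
    """Return findings for one browser frame; an empty list means nothing to report."""
    if len(frame) < 1 or frame[0] != OPCODE_REQUEST_ELECTION:
        return []                              # not an election request
    if len(frame) < HEADER.size:
        return ["truncated election header"]
    name_field = frame[HEADER.size:]
    findings = []
    nul = name_field.find(b"\x00")
    if nul == -1:
        # No terminator: a parser that scans for NUL would read past the frame.
        findings.append("server name not NUL-terminated")
        name_len = len(name_field)
    else:
        name_len = nul
    if name_len + 1 > MAX_NAME_WITH_NUL:
        findings.append(
            f"server name is {name_len} bytes, limit is {MAX_NAME_WITH_NUL - 1}"
        )
    return findings


def build_sample(name: bytes, terminate: bool = True) -> bytes:
    """Constructed test input only; header field values are arbitrary."""
    header = HEADER.pack(OPCODE_REQUEST_ELECTION, 1, 0, 0, 0)
    return header + name + (b"\x00" if terminate else b"")


if __name__ == "__main__":
    samples = {
        "normal name": build_sample(b"FILESRV01"),
        "over-long name": build_sample(b"A" * 40),
        "unterminated name": build_sample(b"B" * 8, terminate=False),
    }
    for label, frame in samples.items():
        print(label, "->", check_election_frame(frame) or "ok")
```

The same length and terminator test can be applied to frames pulled from a packet capture of NetBIOS datagram traffic while no patch is available.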