Wednesday, August 11, 2010

MS SMB Remote Trans2 Zero Size Pool Allocation (MS10-054)

This SMBv1 vulnerability was disclosed to MS back in February 2010 and patched this month in the MS10-054 bulletin.

This vulnerability is quite interesting since it's present in all Windows versions since Windows 2000, and can be triggered easily in at least 2 different Trans2 information levels by setting Max Data Count to 0:
- QUERY_FS_INFO, Query FS Attribute Info
- QUERY_FS_INFO, Query FS Volume Info
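As an added detection example (not from the original post), the following Python parses a captured SMBv1 TRANS2 request and flags a QUERY_FS_INFORMATION call whose Max Data Count is 0, the condition the advisory describes. The SMB header and Trans2 field layouts and the information-level values follow MS-CIFS and are assumed correct; `build_sample` only constructs an offline test message for the detector.

```python
import struct

SMB_COM_TRANSACTION2 = 0x32
TRANS2_QUERY_FS_INFORMATION = 0x0003
# Information levels named in the advisory; values per MS-CIFS (assumed correct).
FS_INFO_LEVELS = {0x0102: "SMB_QUERY_FS_VOLUME_INFO", 0x0105: "SMB_QUERY_FS_ATTRIBUTE_INFO"}


def inspect_trans2(smb):
    """Return a finding dict if `smb` (an SMBv1 message without the 4-byte NetBIOS
    session header) is a TRANS2 QUERY_FS_INFORMATION request with MaxDataCount 0."""
    if len(smb) < 33 or smb[:4] != b"\xffSMB" or smb[4] != SMB_COM_TRANSACTION2:
        return None
    if smb[9] & 0x80:  # SMB_FLAGS_REPLY set: a response, not a request
        return None
    word_count = smb[32]
    if word_count < 15 or len(smb) < 33 + word_count * 2:
        return None
    # SMB_COM_TRANSACTION2 request parameter words, 28 bytes starting at offset 33
    (_total_param, _total_data, _max_param, max_data, _max_setup, _r1, _flags, _timeout,
     _r2, param_count, param_off, _data_count, _data_off, setup_count, _r3) = \
        struct.unpack_from("<HHHHBBHIHHHHHBB", smb, 33)
    if setup_count < 1 or struct.unpack_from("<H", smb, 61)[0] != TRANS2_QUERY_FS_INFORMATION:
        return None
    if max_data != 0:
        return None  # a normal request reserves room for the reply data
    level = None  # the Trans2 parameter block holds a 2-byte InformationLevel
    if param_count >= 2 and param_off + 2 <= len(smb):
        level = struct.unpack_from("<H", smb, param_off)[0]
    return {"max_data_count": max_data, "info_level": level,
            "info_level_name": FS_INFO_LEVELS.get(level, "other")}


def build_sample(max_data_count, info_level=0x0105):
    """Constructed test input only: a minimal TRANS2 QUERY_FS_INFORMATION request."""
    header = (b"\xffSMB" + bytes([SMB_COM_TRANSACTION2]) + b"\x00" * 4 + b"\x18" + b"\x07\xc8"
              + b"\x00" * 2 + b"\x00" * 8 + b"\x00" * 2 + struct.pack("<HHHH", 1, 2, 3, 4))
    # ParameterCount 2, ParameterOffset 68 (after a 3-byte pad), SetupCount 1
    words = struct.pack("<HHHHBBHIHHHHHBB", 2, 0, 0, max_data_count, 0, 0, 0, 0, 0,
                        2, 68, 0, 0, 1, 0)
    setup = struct.pack("<H", TRANS2_QUERY_FS_INFORMATION)
    body = b"\x00" * 3 + struct.pack("<H", info_level)
    return header + bytes([15]) + words + setup + struct.pack("<H", len(body)) + body


if __name__ == "__main__":
    print(inspect_trans2(build_sample(0)))       # flagged
    print(inspect_trans2(build_sample(4096)))    # None
```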

You can find the full advisory here:
SRD blog entry:


SMS Collection said...

Thanks, this is an awesome post.
