(0day) Windows Vista/7 SMB2.0 Remote B.S.O.D PoC

SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionnality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it’s used to identify the SMB dialect that will be used for futher communication.
The vulnerability was discovered by Laurent Gaffié

Proof of Concept and background here


Related Articles