CVE-2002-0724
Published 2002-09-24
Priority P335 · high · CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT · EPSS 30.13% (98.0th percentile)
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products_ms02-045 | — | — |
| microsoft | windows_nt | — | — |
Detection & IOCs (extracted from sources)
- Detect malformed SMB_COM_TRANSACTION (opcode 0x25) packets targeting \PIPE\LANMAN with RAP function code 0x68 (NetServerEnum2), 0x68 variants for NetShareEnum or NetServerEnum3; these are the three triggering request types.
- Monitor for anonymous (null session) SMB connections followed immediately by a TRANSACTION request to IPC$\PIPE\LANMAN; the exploit works with anonymous access and uses a null-session setup (empty ANSI password, empty account).
- The exploit identifies itself with Native OS 'Unix' and Native LAN Manager 'Samba' in the SESSION_SETUP_ANDX request; flag Windows hosts receiving SMB session setup with these strings.
- The SMB TRANSACTION request uses param_descriptor 'WrLeh' and return_descriptor 'B13BWz' with detail_level 1 and recv_buffer_len 50000; these RAP parameter strings in a LANMAN pipe transaction are a strong exploit indicator.
- Disabling NetBIOS Null Sessions blocks exploitation; monitor for null session establishment (empty credentials SMB session setup) as a precursor indicator.
- Disabling NetBIOS Null Sessions is a documented mitigation that prevents exploitation of this vulnerability.
- All Cisco products installed on affected Microsoft Windows versions (NT, 2000, XP) that use SMB are considered vulnerable; this is not a Cisco code defect but an OS-level exposure.
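
The indicators listed above can be checked against a reassembled SMB1 message with a small bounds-checked parser. This is an added example, not code from the page or any of its sources; the function names and indicator labels are hypothetical, and it assumes the NetBIOS session header is already stripped and that the strings are ASCII.

```python
import struct

SMB_COM_TRANSACTION = 0x25
SMB_COM_SESSION_SETUP_ANDX = 0x73

def indicators(msg):
    """Return indicator names found in one SMB1 message (NetBIOS header stripped)."""
    if len(msg) < 33 or msg[:4] != b"\xffSMB":
        return []
    if msg[4] == SMB_COM_SESSION_SETUP_ANDX:
        # Assumption: native OS / LAN Manager strings are ASCII, NUL-terminated.
        body = msg[33:]
        both = b"Unix\x00" in body and b"Samba\x00" in body
        return ["native-os-unix-samba"] if both else []
    if msg[4] != SMB_COM_TRANSACTION:
        return []
    word_count = msg[32]
    words_end = 33 + 2 * word_count          # ByteCount field starts here
    if word_count < 14 or words_end + 2 > len(msg):
        return ["truncated-transaction"]
    # ParameterCount / ParameterOffset sit 18 bytes into the parameter words.
    param_count, param_off = struct.unpack_from("<HH", msg, 33 + 18)
    name = msg[words_end + 2:].split(b"\x00", 1)[0]
    if name.upper() != b"\\PIPE\\LANMAN":
        return []
    hits = ["lanman-pipe"]
    # Offsets come from the sender: bounds-check before slicing.
    if param_off < words_end + 2 or param_off + param_count > len(msg):
        return hits + ["bad-parameter-offset"]
    # RAP request: 2-byte function code (not inspected), then two descriptors.
    parts = msg[param_off + 2:param_off + param_count].split(b"\x00", 2)
    if len(parts) == 3 and parts[:2] == [b"WrLeh", b"B13BWz"]:
        hits.append("rap-descriptors")
        if len(parts[2]) >= 4 and struct.unpack_from("<HH", parts[2]) == (1, 50000):
            hits.append("level1-buf50000")
    return hits

def sample_transaction():
    """Constructed sample message (not captured traffic) carrying the listed strings."""
    name = b"\\PIPE\\LANMAN\x00"
    params = bytes(2) + b"WrLeh\x00B13BWz\x00" + struct.pack("<HH", 1, 50000)
    param_off = 32 + 1 + 28 + 2 + len(name)
    words = struct.pack("<HHHHBBHIHHHHHBB", len(params), 0, 8, 50000, 0, 0, 0, 0, 0,
                        len(params), param_off, 0, param_off + len(params), 0, 0)
    header = b"\xffSMB" + bytes([SMB_COM_TRANSACTION]) + bytes(27)
    return (header + bytes([14]) + words +
            struct.pack("<H", len(name) + len(params)) + name + params)

if __name__ == "__main__":
    print(indicators(sample_transaction()))
```

Legitimate legacy clients also issue LANMAN pipe transactions, so these hits are best correlated with a preceding null-session setup rather than alerted on individually.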
GHSA
GHSA-w6f5-h26h-f4gj: Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of ser
ghsa_unreviewed·2022-04-30
Cisco
Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045
vendor_cisco·2002-09-18
CVE-2002-0724 CWE-119 Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045
This advisory describes vulnerabilities that affect Cisco products and applications that are installed on Microsoft operating systems incorporating the use of the Server Message Block (SMB) file sharing protocol. It is based on the vulnerabilities in Microsoft's SMB protocol, not due to a defect of the Cisco product or application.
Vulnerabilities were discovered that enable an attacker to perform a denial of service against the server and may allow execution of arbitrary code. These vulnerabilities were publicly announced by Microsoft in their Microsoft Security Bulletin MS02-045.
All Cisco products and applications that are using the Microsoft operating systems identified by Microsoft in their Micro
No detection rules found.
Exploit-DB
Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow (1)
exploitdb·2002-08-22
---
// source: https://www.securityfocus.com/bid/5556/info
Microsoft Windows operating systems use the Server Message Block (SMB) protocol to support services such as file and printer sharing. A buffer overflow vulnerability has been reported in the handling of some malformed SMB requests.
An attacker may send a malformed SMB request packet in order to exploit this condition. It has been reported possible to corrupt heap memory, leading to a crash of the underlying system.
It may prove possible to exploit this vulnerability to execute arbitrary code and gain local access to the vulnerable system. This possibility has not, however, been confirmed.
Reportedly, this vulnerability may be exploited
Exploit-DB
Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow (2)
exploitdb·2002-08-22
---
source: https://www.securityfocus.com/bid/5556/info
No writeups or analysis indexed.
- http://marc.info/?l=bugtraq&m=103011556323184&w=2
- http://www.kb.cert.org/vuls/id/250635
- http://www.kb.cert.org/vuls/id/311619
- http://www.kb.cert.org/vuls/id/342243
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-045
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A189