Windows SMB credential reflection vulnerability

Added: 05/07/2009
CVE: CVE-2008-4037
BID: 7385
OSVDB: 49736

Background

The Server Message Block (SMB) protocol is a file sharing protocol implemented in Microsoft Windows.

NTLM is a challenge/response-based authentication protocol.

Problem

An NTLM credential reflection vulnerability allows a remote SMB server to re-use a user's authentication response to gain unauthorized access to the user's system.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 08-068.

References

http://www.microsoft.com/technet/security/bulletin/MS08-068.mspx

Limitations

Exploit works on Windows XP and requires a user to load the exploit page in a web browser.

In order for the exploit to succeed, the user on the target must have the administrator privilege, and the "simple file sharing" on the target must be disabled.

If it is successful, this exploit may disable the firewall on the target.

Platforms

Windows XP

Back to exploit index