The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
Software | From | Fixed in |
---|---|---|
microsoft / windows_2000 | --sp4 | --sp4.x |
microsoft / windows_xp | - | - |
microsoft / windows_xp | --sp2 | --sp2.x |
microsoft / windows_xp | --sp3 | --sp3.x |
microsoft / windows_server_2003 | - | - |