Internet Security Systems Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability

BID:9752

Info

Internet Security Systems Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability

Bugtraq ID: 9752
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: Feb 26 2004 12:00AM
Updated: Feb 26 2004 12:00AM
Credit: Discovery of this issue is credited to eEye.
Vulnerable: Internet Security Systems RealSecure Server Sensor 7.0 XPU 22.9
Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.19
Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.18
Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.16
Internet Security Systems RealSecure Sentry 3.6 ecb
Internet Security Systems RealSecure Sentry 3.6 ebr
Internet Security Systems RealSecure Network Sensor 7.0 XPU 22.9
Internet Security Systems RealSecure Network Sensor 7.0 XPU 20.11
Internet Security Systems RealSecure Guard 3.6 ecb
Internet Security Systems RealSecure Guard 3.6 ebr
Internet Security Systems RealSecure Desktop 7.0 ebh
Internet Security Systems RealSecure Desktop 7.0 ebg
Internet Security Systems RealSecure Desktop 7.0 eba
Internet Security Systems RealSecure Desktop 3.6 ecb
Internet Security Systems RealSecure Desktop 3.6 eca
Internet Security Systems RealSecure Desktop 3.6 ebr
Internet Security Systems Proventia M Series XPU 1.7
Internet Security Systems Proventia M Series XPU 1.3
Internet Security Systems Proventia A Series XPU 22.9
Internet Security Systems Proventia A Series XPU 20.15
Internet Security Systems BlackIce Server Protection 3.6 ccb
Internet Security Systems BlackIce Server Protection 3.6 cbz
Internet Security Systems BlackIce Server Protection 3.6 cbr
Internet Security Systems BlackICE PC Protection 3.6 ccb
Internet Security Systems BlackICE PC Protection 3.6 cbr
Internet Security Systems BlackICE PC Protection 3.6 .cbz
IBM Proventia G Series XPU 22.9
IBM Proventia G Series XPU 22.3
Not Vulnerable: Internet Security Systems RealSecure Server Sensor 7.0 XPU 22.10
Internet Security Systems RealSecure Sentry 3.6 ecd
Internet Security Systems RealSecure Network Sensor 7.0 XPU 22.10
Internet Security Systems RealSecure Guard 3.6 ecd
Internet Security Systems RealSecure Desktop 7.0 ebj
Internet Security Systems RealSecure Desktop 3.6 ecd
Internet Security Systems Proventia M Series XPU 1.8
Internet Security Systems Proventia A Series XPU 22.10
Internet Security Systems BlackIce Server Protection 3.6 ccd
Internet Security Systems BlackICE PC Protection 3.6 ccd
IBM Proventia G Series XPU 22.10

Discussion

Internet Security Systems Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability

The Internet Security Systems (ISS) Protocol Analysis Module, included in multiple ISS products, is prone to a remotely exploitable heap overrun vulnerability. The issue exists in the SMB parsing routines provided by the module and is due to insufficient bounds checking of protocol fields.

This issue could potentially be exploited to execute arbitrary code on systems hosting the vulnerable software, potentially resulting in system compromise.

Exploit / POC

Internet Security Systems Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability

The discoverers of this vulnerability have developed working exploit code that is not publicly available nor known to be circulating in the wild.

Solution / Fix

Internet Security Systems Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability

Solution:
ISS has released fixes for this issue:


IBM Proventia G Series XPU 22.9

IBM Proventia G Series XPU 22.3

Internet Security Systems Proventia M Series XPU 1.3

Internet Security Systems Proventia M Series XPU 1.7

Internet Security Systems Proventia A Series XPU 22.9

Internet Security Systems Proventia A Series XPU 20.15

Internet Security Systems BlackICE PC Protection 3.6 cbr

Internet Security Systems RealSecure Desktop 3.6 ebr

Internet Security Systems RealSecure Sentry 3.6 ecb

Internet Security Systems BlackICE PC Protection 3.6 ccb

Internet Security Systems BlackIce Server Protection 3.6 cbr

Internet Security Systems BlackIce Server Protection 3.6 ccb

Internet Security Systems BlackIce Server Protection 3.6 cbz

Internet Security Systems RealSecure Guard 3.6 ecb

Internet Security Systems RealSecure Sentry 3.6 ebr

Internet Security Systems RealSecure Guard 3.6 ebr

Internet Security Systems RealSecure Desktop 3.6 eca

Internet Security Systems RealSecure Desktop 3.6 ecb

Internet Security Systems BlackICE PC Protection 3.6 .cbz

Internet Security Systems RealSecure Server Sensor 7.0 XPU 22.9

Internet Security Systems RealSecure Desktop 7.0 eba

Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.18

Internet Security Systems RealSecure Network Sensor 7.0 XPU 20.11

Internet Security Systems RealSecure Network Sensor 7.0 XPU 22.9

Internet Security Systems RealSecure Desktop 7.0 ebh

Internet Security Systems RealSecure Desktop 7.0 ebg

Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.16

Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.19

References

Internet Security Systems Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report