Main Vulnerability Database Exploits ID:905 - Exploit for NULL pointer dereference in Windows and Windows Server - CVE-2016-7237

ID:905 - Exploit for NULL pointer dereference in Windows and Windows Server - CVE-2016-7237

Published: March 18, 2020

Vulnerability identifier: #VU5336

Vulnerability risk: Medium

CVE-ID: CVE-2016-7237

CWE-ID: CWE-476

Exploitation vector: Remote access

Vulnerable software:
Windows
Windows Server

Link to public exploit:

https://www.exploit-db.com/exploits/40744/

Vulnerability description

The vulnerability allows a remote attacker to cause denial of service.

The vulnerability exists due to NULL pointer dereference error when parsing SMB packets within Local Security Authority Subsystem Service (LSASS). A remote authenticated attacker can send specially crafted requests to vulnerable service and cause the target system to become non-responsive.

Successful exploitation of the vulnerability will result in denial of service (DoS).

Remediation

Install updates from vendor's website.

ID:905 - Exploit for NULL pointer dereference in Windows and Windows Server - CVE-2016-7237

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human