Security Portal

Intrusion Prevention Service

Signature Version: 4.966


RPC Windows Lsasrv.dll RPC Overflow (Sasser)
Threat Level: Critical
Release Date: 2006/11/8
Category: Buffer Overflow
Signature ID: 1051195
Included In:
Affected OS: Windows
Description: eEye Digital Security has discovered a remote buffer overflow in the Windows LSA (Local Security Authority) Service (LSASRV.DLL). An unauthenticated attacker could exploit this vulnerability to execute arbitrary code with system-level privileges on Windows 2000 and Windows XP. This infected LSA function goes to TCP port 139 and 445 but LSARPC.
Impact: Remote code execution
Recommendation: Please off-line the victim host and patch the system or software which exists vulnerabilities immediately.
False Positive: None
False Negative: None
Additional Information (Links open in new window):
Reference(s): MISC:MS04-011;

Search the Threat Database
Enter Rule ID or Name