Subject: EEEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow Release Date: February 26, 2004 Date Reported: February 18, 2004 Severity: High (Remote Code Execution) Vendor: Internet Security Systems Software Affected: Multiple versions of RealSecure Network, Real Secure Server Sensor, Proventia A Series G Series M Series, RealSecure Desktop, RealSecure Guard, RealSecure Sentry, and BlackICE PC Protection are affected. Vulnerability: A critical vulnerability in both RealSecure and BlackICE allows a remote attacker to overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. Technical Description: The vulnerability exists in the component that handles the processing of Server Message Block (SMB) packets, and can be triggered by issuing an authentication request with a long username value. Protection: Retina Network Security Scanner has been updated to identify this vulnerability. Vendor Status: ISS has released patches for these issues, available at: