Reported February 26, 2004 by eEye Digital Security.





  • RealSecure Network 7.0, XPU 20.15 through 22.9
  • RealSecure Server Sensor 7.0, XPU 20.16 through 22.9
  • Proventia A Series XPU 20.15 through 22.9
  • Proventia G Series XPU 22.3 through 22.9
  • Proventia M Series XPU 1.3 through 1.7
  • RealSecure Desktop 7.0 eba through ebh
  • RealSecure Desktop 3.6 ebr through ecb
  • RealSecure Guard 3.6 ebr through ecb
  • RealSecure Sentry 3.6 ebr through ecb
  • BlackICE PC Protection 3.6 cbr through ccb
  • BlackICE Server Protection 3.6 cbr through ccb




A heap-overflow vulnerability in RealSecure and BlackICE servers can result in arbitrary code execution on the vulnerable server. The flaw is in the component that processes Server Message Block (SMB) packets. By issuing an authentication request with a long username value, an attacker can trigger a direct heap overwrite and subsequently execute code.
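An added example, not from eEye or ISS: a defender-side check that parses an SMB1 Session Setup AndX request (the SMB authentication request, in its non-extended-security layout with WordCount 13) and flags an oversized AccountName. Mapping the advisory's "long username" to this field, the 128-character threshold, and the names `inspect` and `sample_request` are assumptions; the sample messages are constructed.

```python
import struct

SESSION_SETUP_ANDX = 0x73   # SMB1 command code for the authentication request
FLAGS2_UNICODE = 0x8000     # strings in the data block are UTF-16LE
DATA_OFFSET = 61            # 32-byte header + WordCount + 13 words + ByteCount
MAX_ACCOUNT_CHARS = 128     # assumed policy threshold, not taken from the advisory

def inspect(smb):
    """Return (verdict, AccountName length in characters) for one SMB1 message."""
    if (len(smb) < DATA_OFFSET or smb[:4] != b"\xffSMB"
            or smb[4] != SESSION_SETUP_ANDX or smb[32] != 13):
        return ("not-session-setup", None)
    flags2, = struct.unpack_from("<H", smb, 10)
    oem_len, uni_len = struct.unpack_from("<HH", smb, 47)
    byte_count, = struct.unpack_from("<H", smb, 59)
    end = DATA_OFFSET + byte_count
    pos = DATA_OFFSET + oem_len + uni_len      # AccountName follows both passwords
    if end > len(smb) or pos > end:
        return ("malformed", None)             # declared lengths overrun the message
    width = 2 if flags2 & FLAGS2_UNICODE else 1
    if width == 2 and pos % 2:
        pos += 1                               # pad byte aligns UTF-16 strings
    chars = 0
    # Count up to the terminator; a missing terminator counts to the end of the data.
    while pos + width <= end and smb[pos:pos + width] != bytes(width):
        chars += 1
        pos += width
    return ("long-username" if chars > MAX_ACCOUNT_CHARS else "ok", chars)

def sample_request(user, unicode=True, oem_len=24):
    """Constructed test message, not a capture: header, 13 words, data block."""
    enc = (lambda s: s.encode("utf-16-le") + b"\0\0") if unicode else \
          (lambda s: s.encode("ascii") + b"\0")
    header = (b"\xffSMB" + bytes([SESSION_SETUP_ANDX]) + bytes(5)
              + struct.pack("<H", FLAGS2_UNICODE if unicode else 0) + bytes(20))
    data = bytes(24) + bytes(24)               # placeholder OEM and Unicode passwords
    if unicode and (DATA_OFFSET + len(data)) % 2:
        data += b"\0"
    data += enc(user) + enc("WORKGROUP")
    words = struct.pack("<BBBHHHHIHHII", 13, 0xFF, 0, 0, 4356, 10, 0, 0,
                        oem_len, 24, 0, 0)
    return header + words + struct.pack("<H", len(data)) + data

if __name__ == "__main__":
    for name in ("alice", "A" * 300):
        print(inspect(sample_request(name)))
```

Messages whose declared password or byte counts overrun the packet are reported as malformed instead of being parsed, since inconsistent length fields are themselves worth alerting on.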



Internet Security Systems has released patches for the affected servers and recommends that affected users immediately apply them.


Discovered by Barnaby Jack.