CVE-2009-3103
Microsoft Windows - SMB2 Negotiate Protocol '0x72' Response Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
11Exploited in Wild
-Decision
Descriptions
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
Error de índice de matriz en la implementación del protocolo SMBv2 en srv2.sys en Windows Vista versión Gold, SP1 y SP2, Windows Server 2008 versión Gold y SP2, y Windows 7 RC, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de sistema) por medio de un carácter & (ampersand) en un campo de encabezado Process ID High en un paquete NEGOTIATE PROTOCOL REQUEST, que activa un intento de desreferencia de una ubicación de memoria fuera de límites, también se conoce como "SMBv2 Negotiation Vulnerability" NOTA: algunos de estos datos fueron obtenidos de la información de terceros.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-09-08 CVE Reserved
- 2009-09-08 CVE Published
- 2009-09-09 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (26)
| URL | Tag | Source |
|---|---|---|
| http://blog.48bits.com/?p=510 | X_refsource_misc | |
| http://isc.sans.org/diary.html?storyid=7093 | X_refsource_misc | |
| http://osvdb.org/57799 | Vdb Entry | |
| http://www.kb.cert.org/vuls/id/135940 | Third Party Advisory |
|
| http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1 | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/506300/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/506327/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1022848 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53090 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489 | Signature | |
| https://seclists.org/fulldisclosure/2009/Sep/39 |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/12524 | 2010-05-07 | |
| https://www.exploit-db.com/exploits/10005 | 2009-11-11 | |
| https://www.exploit-db.com/exploits/9594 | 2009-09-09 | |
| https://www.exploit-db.com/exploits/14674 | 2010-08-17 | |
| https://www.exploit-db.com/exploits/16363 | 2010-07-03 | |
| https://www.exploit-db.com/exploits/40280 | 2016-02-26 | |
| https://github.com/Sic4rio/CVE-2009-3103---srv2.sys-SMB-Code-Execution-Python-MS09-050- | 2024-05-05 | |
| http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html | 2024-08-07 | |
| http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html | 2024-08-07 | |
| http://www.exploit-db.com/exploits/9594 | 2024-08-07 | |
| http://www.securityfocus.com/bid/36299 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/36623 | 2023-12-07 | |
| http://www.microsoft.com/technet/security/advisory/975497.mspx | 2023-12-07 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050 | 2023-12-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | x32 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | sp2, itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | sp2 Search vendor "Microsoft" for product "Windows Server 2008" and version "sp2" | x32 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | sp2 Search vendor "Microsoft" for product "Windows Server 2008" and version "sp2" | x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp2 |
Affected
| ||||||