CVE-2009-3676

Severity

71%

Complexity

86%

Confidentiality

115%

The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).

Overview

Type

Microsoft Windows

First reported 15 years ago

2009-11-13 15:30:00

Last updated 6 years ago

2018-10-30 16:28:00

Affected Software

Microsoft Windows 7

Microsoft Windows Server 2008 R2

r2

References

http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx

http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html

Exploit

http://news.cnet.com/8301-27080_3-10395891-245.html

http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/

Exploit

1023179

TA10-103A

US Government Resource

ADV-2009-3216

Vendor Advisory

MS10-020

oval:org.mitre.oval:def:7186

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.