ID CVE-2010-0477
Summary The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Windows Server 2008 R2 for Itanium-based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:r2:itanium
  • Windows Server 2008 R2 for x64-based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:r2:x64
CVSS
Base: 10.0 (as of 15-04-2010 - 19:04)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC. CVE-2010-0269,CVE-2010-0270,CVE-2010-0476,CVE-2010-0477. Dos exploit for windows platform
id EDB-ID:12273
last seen 2016-02-01
modified 2010-04-17
published 2010-04-17
reporter laurent gaffie
source https://www.exploit-db.com/download/12273/
title Windows 7/2008R2 SMB Client Trans2 - Stack Overflow 10-020 PoC
msbulletin via4
bulletin_id MS10-020
bulletin_url
date 2010-04-13T00:00:00
impact Remote Code Execution
knowledgebase_id 980232
knowledgebase_url
severity Critical
title Vulnerabilities in SMB Client Could Allow Remote Code Execution
nessus via4
  • NASL family Windows
    NASL id WIN_SERVER_2008_NTLM_PCI.NASL
    description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 108811
    published 2018-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108811
    title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS10-020.NASL
    description The version of the SMB client software installed on the remote Windows host may be affected by one or more vulnerabilities, including some that could allow arbitrary code execution : - Incorrect handling of incomplete SMB responses could be abused to cause the system to stop responding. (CVE-2009-3676) - A vulnerability in the way the SMB client allocates memory when parsing specially crafted SMB responses could be abused by an unauthenticated, remote attacker to execute arbitrary code with system-level privileges. (CVE-2010-0269) - Improper validation of fields in SMB responses could lead to a memory corruption issue and in turn to arbitrary code execution with system-level privileges. (CVE-2010-0270) - Improper parsing of SMB transaction responses could lead to a memory corruption issue resulting in code execution with system-level privileges. (CVE-2010-0476) - Improper handling of SMB responses could cause the SMB client to consume the entire response and indicate an invalid value to the Winsock kernel, which in turn could allow remote code execution and result in the compromise of the affected system. (CVE-2010-0477)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 45507
    published 2010-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45507
    title MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
oval via4
accepted 2012-03-26T04:03:32.372-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Dragos Prisaca
    organization Symantec Corporation
definition_extensions
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
description The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
family windows
id oval:org.mitre.oval:def:6859
status accepted
submitted 2010-03-13T13:00:00
title SMB Client Message Size Vulnerability
version 42
refmap via4
cert TA10-103A
ms MS10-020
secunia 39372
Last major update 21-08-2010 - 01:39
Published 14-04-2010 - 12:00
Last modified 30-10-2018 - 12:27
Back to Top