CVE-2009-3676

 

Published at: - 13-11-2009 04:30

Last modified: - 14-11-2022 06:02

Total changes: - 2

Description

The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:N/A:C

 

Verification logic

 

Reference

• 20091111 Windows 7 , Server 2008R2 Remote Kernel Crash-Exploit
• http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
• ADV-2009-3216-Vendor Advisory
• http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
• http://news.cnet.com/8301-27080_3-10395891-245.html
• http://www.microsoft.com/technet/security/advisory/977544.mspx
• http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx
• 37347-Vendor Advisory
• http://secunia.com/blog/66/
• 1023179-
• TA10-103A-US Government Resource
• oval:org.mitre.oval:def:7186-
• MS10-020-

 

Keywords

NVD

 

CVE-2009-3676

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures