CVE-2009-3103

Published: Sep 8, 2009Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.

Affected (10)

Products: Microsoft: Windows Server 2008, Windows Vista

2 products

Windows Server 2008

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version sp2 x32
Microsoft Windows Server 2008	Version sp2 x64
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions

Related CWEs

References (36)

http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html

Source: secure@microsoft.com

Exploit

http://blog.48bits.com/?p=510

Source: secure@microsoft.com

http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html

Source: secure@microsoft.com

Exploit

http://isc.sans.org/diary.html?storyid=7093

Source: secure@microsoft.com

http://osvdb.org/57799

Source: secure@microsoft.com

http://secunia.com/advisories/36623

Source: secure@microsoft.com

Vendor Advisory

http://www.exploit-db.com/exploits/9594

Source: secure@microsoft.com

http://www.kb.cert.org/vuls/id/135940

Source: secure@microsoft.com

US Government Resource

http://www.microsoft.com/technet/security/advisory/975497.mspx

Source: secure@microsoft.com

Vendor Advisory

http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/506300/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/506327/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/36299

Source: secure@microsoft.com

Exploit

http://www.securitytracker.com/id?1022848

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA09-286A.html

Source: secure@microsoft.com

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/53090

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489

Source: secure@microsoft.com

http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://blog.48bits.com/?p=510

Source: af854a3a-2127-422b-91ae-364da2661108

http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://isc.sans.org/diary.html?storyid=7093

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/57799

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36623

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.exploit-db.com/exploits/9594

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/135940

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.microsoft.com/technet/security/advisory/975497.mspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/506300/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/506327/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/36299

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1022848

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA09-286A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/53090

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.