CVE-2010-0477

Published: Apr 14, 2010Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."

Affected (4)

Products: Microsoft: Windows 7, Windows Server 2008

2 products

Windows Server 2008

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions

Related CWEs

References (8)

http://secunia.com/advisories/39372

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA10-103A.html

Source: secure@microsoft.com

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6859

Source: secure@microsoft.com

http://secunia.com/advisories/39372

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA10-103A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6859

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.