7.8
CVSSv2

CVE-2009-2526

Published: 14/10/2009 Updated: 07/12/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 790
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote malicious users to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2008 -

microsoft windows vista

microsoft windows server 2008

microsoft windows vista -

Exploits

# EDB-Note: Source ~ rawgithubusercontentcom/ohnozzy/Exploit/master/MS09_050py #!/usr/bin/python #This module depends on the linux command line program smbclient #I can't find a python smb library for smb login If you can find one, you can replace that part of the code with the smb login function in python #The idea is that after th ...
Microsoft SRV2SYS SMB Negotiate ProcessID Function Table Dereference --------------------------------------------------------------------- Exploited by Piotr Bania // wwwpiotrbaniacom Exploit for Vista SP2/SP1 only, should be reliable! Tested on: Vista sp2 (60600218005) Vista sp1 ultimate (60600118000) Kudos for: Stephen, HDM, Laurent G ...

Github Repositories

Vulnerability Scan Lab in Azure Introduction This repository documents my experience conducting a vulnerability scan using OpenVAS in an Azure environment The purpose of this lab was to assess the security posture of a Server 2022 instance with various configurations Lab Setup Environment: Azure Cloud Target Machine: Server 2022, IP 1010122 Scanning Tool: OpenVAS on Parro