Published: 14/04/2010 Updated: 30/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle malicious users to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 7
microsoft windows 7 -
microsoft windows server 2008

import sys,SocketServer # Windows 7/2008R2 SMB Client Trans2 stack overflow (MS10-020) # Date: 17/04/10 # Author: Laurent Gaffié # Tested on: Windows 7/2008R2 # CVE: CVE-2010-0270 # Full advisory: seclistsorg/fulldisclosure/2010/Apr/201 # More information: g-laurentblogspotcom/2010/04/ms10-020html # # Note from Exploit-DB: It ha ...

CWE-399 http://www.us-cert.gov/cas/techalerts/TA10-103A.html http://secunia.com/advisories/39372 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6859 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020 https://nvd.nist.gov https://www.exploit-db.com/exploits/12273/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0477

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect