10
CVSSv2

CVE-2010-0477

Published: 14/04/2010 Updated: 21/11/2024

Vulnerability Summary

Remote Code Execution in Windows SMB Client Message Size Vulnerability

In Microsoft Windows Server 2008 R2 and Windows 7, there's a problem with the SMB client. It doesn't correctly deal with SMBv1 and SMBv2 response packets. Because of this, remote SMB servers and attackers in the middle can run any code they want. They do this by sending a special packet. This packet makes the client read all the response and then interact wrongly with the Winsock Kernel (WSK). This issue is known as the "SMB Client Message Size Vulnerability."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 7

microsoft windows 7 -

microsoft windows server 2008

Exploits

import sys,SocketServer # Windows 7/2008R2 SMB Client Trans2 stack overflow (MS10-020) # Date: 17/04/10 # Author: Laurent Gaffié # Tested on: Windows 7/2008R2 # CVE: CVE-2010-0270 # Full advisory: seclistsorg/fulldisclosure/2010/Apr/201 # More information: g-laurentblogspotcom/2010/04/ms10-020html # # Note from Exploit-DB: It ha ...