7.1

CVE-2009-3676

Exploit
The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 34.34% 0.982
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
Exploit
http://news.cnet.com/8301-27080_3-10395891-245.html
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
Exploit
http://seclists.org/fulldisclosure/2009/Nov/134
Exploit
http://secunia.com/advisories/37347
Vendor Advisory
http://secunia.com/blog/66/
Vendor Advisory
http://www.microsoft.com/technet/security/advisory/977544.mspx
Patch
Vendor Advisory
http://www.securitytracker.com/id?1023179
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
US Government Resource
http://www.vupen.com/english/advisories/2009/3216
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7186