FKIE_CVE-2009-3103

Vulnerability from fkie_nvd - Published: 2009-09-08 22:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
References
secure@microsoft.comhttp://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.htmlExploit
secure@microsoft.comhttp://blog.48bits.com/?p=510
secure@microsoft.comhttp://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.htmlExploit
secure@microsoft.comhttp://isc.sans.org/diary.html?storyid=7093
secure@microsoft.comhttp://osvdb.org/57799
secure@microsoft.comhttp://secunia.com/advisories/36623Vendor Advisory
secure@microsoft.comhttp://www.exploit-db.com/exploits/9594
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/135940US Government Resource
secure@microsoft.comhttp://www.microsoft.com/technet/security/advisory/975497.mspxVendor Advisory
secure@microsoft.comhttp://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1
secure@microsoft.comhttp://www.securityfocus.com/archive/1/506300/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/506327/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/36299Exploit
secure@microsoft.comhttp://www.securitytracker.com/id?1022848
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/53090
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://blog.48bits.com/?p=510
af854a3a-2127-422b-91ae-364da2661108http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://isc.sans.org/diary.html?storyid=7093
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/57799
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36623Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/9594
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/135940US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.microsoft.com/technet/security/advisory/975497.mspxVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/506300/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/506327/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36299Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1022848
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/53090
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489
Impacted products
Vendor Product Version
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 sp2
microsoft windows_server_2008 sp2
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "7C684420-1614-4DAE-9BD9-F1FE9102A50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:x32:*:*:*:*:*:*",
              "matchCriteriaId": "9517571A-BC1A-4838-A094-30081A86D36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:x64:*:*:*:*:*:*",
              "matchCriteriaId": "CD7CA7F0-9C4D-4172-91BD-90A8C86EE337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an \u0026 (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka \"SMBv2 Negotiation Vulnerability.\" NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Error de \u00edndice de matriz en la implementaci\u00f3n del protocolo SMBv2 en srv2.sys en Windows Vista versi\u00f3n Gold, SP1 y SP2, Windows Server 2008 versi\u00f3n Gold y SP2, y Windows 7 RC, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de sistema) por medio de un car\u00e1cter \u0026 (ampersand) en un campo de encabezado Process ID High en un paquete NEGOTIATE PROTOCOL REQUEST, que activa un intento de desreferencia de una ubicaci\u00f3n de memoria fuera de l\u00edmites, tambi\u00e9n se conoce como \"SMBv2 Negotiation Vulnerability\" NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2009-3103",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-08T22:30:00.517",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://blog.48bits.com/?p=510"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://isc.sans.org/diary.html?storyid=7093"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/57799"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36623"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.exploit-db.com/exploits/9594"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/135940"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=64\u0026Itemid=1"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/36299"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022848"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.48bits.com/?p=510"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary.html?storyid=7093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/57799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/9594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/135940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=64\u0026Itemid=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/36299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.