CVE-2009-3103

{"id": "CVE-2009-3103", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-09-08T22:30:00.517", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html", "tags": ["Exploit"], "source": "secure@microsoft.com"}, {"url": "http://blog.48bits.com/?p=510", "source": "secure@microsoft.com"}, {"url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html", "tags": ["Exploit"], "source": "secure@microsoft.com"}, {"url": "http://isc.sans.org/diary.html?storyid=7093", "source": "secure@microsoft.com"}, {"url": "http://osvdb.org/57799", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/36623", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.exploit-db.com/exploits/9594", "source": "secure@microsoft.com"}, {"url": "http://www.kb.cert.org/vuls/id/135940", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.microsoft.com/technet/security/advisory/975497.mspx", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/36299", "tags": ["Exploit"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1022848", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489", "source": "secure@microsoft.com"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://blog.48bits.com/?p=510", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://isc.sans.org/diary.html?storyid=7093", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/57799", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/36623", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/9594", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/135940", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.microsoft.com/technet/security/advisory/975497.mspx", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/36299", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1022848", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka \"SMBv2 Negotiation Vulnerability.\" NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Error de \u00edndice de matriz en la implementaci\u00f3n del protocolo SMBv2 en srv2.sys en Windows Vista versi\u00f3n Gold, SP1 y SP2, Windows Server 2008 versi\u00f3n Gold y SP2, y Windows 7 RC, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de sistema) por medio de un car\u00e1cter & (ampersand) en un campo de encabezado Process ID High en un paquete NEGOTIATE PROTOCOL REQUEST, que activa un intento de desreferencia de una ubicaci\u00f3n de memoria fuera de l\u00edmites, tambi\u00e9n se conoce como \"SMBv2 Negotiation Vulnerability\" NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C684420-1614-4DAE-9BD9-F1FE9102A50F"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:x32:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9517571A-BC1A-4838-A094-30081A86D36C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:x64:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD7CA7F0-9C4D-4172-91BD-90A8C86EE337"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}