Vulnerability Report

CVE-2009-3103

Title: Microsoft Windows Server 2008 RCE

DoS

Proof Of Concept

PoC Available for CVE-2009-3103

CWE Category CWE-399
Published Date Sep 08, 2009
Modified Date Jun 16, 2026
Exploit Status Available
Score 10.0 CVSS v2.0
Exploit Probability (EPSS)
90.12%

Vulnerability Summary

CVE-2009-3103: Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.

Impacted Vendors

Reference Links

http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html http://blog.48bits.com/?p=510 http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html http://isc.sans.org/diary.html?storyid=7093 http://osvdb.org/57799 http://secunia.com/advisories/36623 http://www.exploit-db.com/exploits/9594 http://www.kb.cert.org/vuls/id/135940 http://www.microsoft.com/technet/security/advisory/975497.mspx http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1 http://www.securityfocus.com/archive/1/506300/100/0/threaded http://www.securityfocus.com/archive/1/506327/100/0/threaded http://www.securityfocus.com/bid/36299 http://www.securitytracker.com/id?1022848 http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/53090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489 http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html http://blog.48bits.com/?p=510 http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html http://isc.sans.org/diary.html?storyid=7093 http://osvdb.org/57799 http://secunia.com/advisories/36623 http://www.exploit-db.com/exploits/9594 http://www.kb.cert.org/vuls/id/135940 http://www.microsoft.com/technet/security/advisory/975497.mspx http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1 http://www.securityfocus.com/archive/1/506300/100/0/threaded http://www.securityfocus.com/archive/1/506327/100/0/threaded http://www.securityfocus.com/bid/36299 http://www.securitytracker.com/id?1022848 http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/53090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489
CVSS v2.0
Source Entity [email protected]
Severity HIGH
10.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2009-3103 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/Sic4rio/CVE-2009-3103---srv2.sys-SMB-Code-Execution-Python-MS09-050-
View Code
GitHub https://github.com/Neved4/exploits
View Code
GitHub https://github.com/sooklalad/ms09050
View Code
GitHub https://github.com/sec13b/ms09-050_CVE-2009-3103
View Code
GitHub https://github.com/nicolasdamians/ms09-050-CVE-2009-3103-exploit
View Code
Exploit-DB https://www.exploit-db.com/exploits/12524
View Code
Exploit-DB https://www.exploit-db.com/exploits/10005
View Code
Exploit-DB https://www.exploit-db.com/exploits/9594
View Code
Exploit-DB https://www.exploit-db.com/exploits/40280
View Code
Exploit-DB https://www.exploit-db.com/exploits/14674
View Code
Exploit-DB https://www.exploit-db.com/exploits/16363
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.