CVE-2009-3103
Title: Microsoft Windows Server 2008 RCE
Proof Of Concept
PoC Available for CVE-2009-3103
Vulnerability Summary
CVE-2009-3103: Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
Impacted Vendors
Reference Links
AV:N/AC:L/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
CVE-2009-3103 Exploits & PoCs (Proof Of Concept)
Vulnerability data updated via NVD.
Vulnerability data or affected products updated.
Vulnerability first announced in NVD.
Attack Vector Matrix
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Stack
No specific products linked.