Vulnerability Report

CVE-2009-3676

Title: Microsoft Windows Server 2008 Denial of Service (DoS)

DoS

Proof Of Concept

No public PoC currently indexed for CVE-2009-3676.

CWE Category CWE-399
Published Date Nov 13, 2009
Modified Date Jun 16, 2026
Exploit Status Not Found
Score 7.1 CVSS v2.0
Exploit Probability (EPSS)
34.34%

Vulnerability Summary

CVE-2009-3676: The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."

Impacted Vendors

Reference Links

http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html http://news.cnet.com/8301-27080_3-10395891-245.html http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/ http://seclists.org/fulldisclosure/2009/Nov/134 http://secunia.com/advisories/37347 http://secunia.com/blog/66/ http://www.microsoft.com/technet/security/advisory/977544.mspx http://www.securitytracker.com/id?1023179 http://www.us-cert.gov/cas/techalerts/TA10-103A.html http://www.vupen.com/english/advisories/2009/3216 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7186 http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html http://news.cnet.com/8301-27080_3-10395891-245.html http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/ http://seclists.org/fulldisclosure/2009/Nov/134 http://secunia.com/advisories/37347 http://secunia.com/blog/66/ http://www.microsoft.com/technet/security/advisory/977544.mspx http://www.securitytracker.com/id?1023179 http://www.us-cert.gov/cas/techalerts/TA10-103A.html http://www.vupen.com/english/advisories/2009/3216 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7186
CVSS v2.0
Source Entity [email protected]
Severity HIGH
7.1
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:N/I:N/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2009-3676 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:M/Au:N/C:N/I:N/A:C

Affected Stack

No specific products linked.