CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-3676

The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.56

EPSS Ranking 98.0%

CVSS Severity

CVSS v2 Score 7.1

References

http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
http://news.cnet.com/8301-27080_3-10395891-245.html
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
http://seclists.org/fulldisclosure/2009/Nov/134
http://secunia.com/advisories/37347
http://secunia.com/blog/66/
http://www.microsoft.com/technet/security/advisory/977544.mspx
http://www.securitytracker.com/id?1023179
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
http://www.vupen.com/english/advisories/2009/3216
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7186
http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
http://news.cnet.com/8301-27080_3-10395891-245.html
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
http://seclists.org/fulldisclosure/2009/Nov/134
http://secunia.com/advisories/37347
http://secunia.com/blog/66/
http://www.microsoft.com/technet/security/advisory/977544.mspx
http://www.securitytracker.com/id?1023179
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
http://www.vupen.com/english/advisories/2009/3216
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7186

Products affected by CVE-2009-3676

Microsoft » Windows 7 » Version: N/A

cpe:2.3:o:microsoft:windows_7:-
Microsoft » Windows 7 » Version: sp1

cpe:2.3:o:microsoft:windows_7:sp1
Microsoft » Windows Server 2008 » Version: r2

cpe:2.3:o:microsoft:windows_server_2008:r2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3676

Products

Pricing

Contact Us