Showing 1 - 4 of 4

CVE-2009-3103

Status Candidate

Overview

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.

Related Files

Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference: Posted Aug 31, 2024; Authored by H D Moore, laurent gaffie | Site metasploit.com; This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.; tags | exploit; systems | windows, vista, 7; advisories | CVE-2009-3103; SHA-256 | eb306cad88b29720e7dac7d13bc441bdf247266d948c8cc0122be192d6f3a8f2; Download | Favorite | View

Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference: Posted Aug 31, 2024; Authored by Jay Turla | Site metasploit.com; This Metasploit module triggers a NULL pointer dereference in the SRV2.SYS kernel driver when processing an SMB2 logoff request before a session has been correctly negotiated, resulting in a BSOD. Effecting Vista SP1/SP2 (And possibly Server 2008 SP1/SP2), the flaw was resolved with MS09-050.; tags | exploit, kernel; advisories | CVE-2009-3103; SHA-256 | 07e8feb0c67bf2a88d6c43cfb0367e7fc30ceb6fdf45b7f35248ba4149684973; Download | Favorite | View

Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference: Posted Feb 26, 2010; Authored by H D Moore, laurent gaffie, sf | Site metasploit.com; This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.; tags | exploit; systems | windows; advisories | CVE-2009-3103; SHA-256 | de2b37c604aa41ff0e596df449f770135048223b2482bc370245289a93342173; Download | Favorite | View

Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference: Posted Sep 29, 2009; Authored by laurent gaffie; This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.; tags | exploit; systems | windows; advisories | CVE-2009-3103; SHA-256 | ea2b810d8a275178be0dfc2ccca862cb1f378b8ed6266f448f49b3fcfd6fdeb8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2009-3103

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems