CVE-2010-0477
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
14/04/2010
Last modified:
11/04/2025
Description
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/39372
- http://www.us-cert.gov/cas/techalerts/TA10-103A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6859
- http://secunia.com/advisories/39372
- http://www.us-cert.gov/cas/techalerts/TA10-103A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6859