{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka \"SMBv2 Negotiation Vulnerability.\" NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "36299", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36299"}, {"name": "VU#135940", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/135940"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"}, {"tags": ["x_refsource_MISC"], "url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.48bits.com/?p=510"}, {"name": "MS09-050", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050"}, {"name": "TA09-286A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.org/diary.html?storyid=7093"}, {"name": "36623", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36623"}, {"tags": ["x_refsource_MISC"], "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html"}, {"name": "1022848", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022848"}, {"name": "20090909 SMB SRV2.SYS Denial of Service PoC", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded"}, {"name": "9594", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/9594"}, {"name": "20090907 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html"}, {"name": "57799", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/57799"}, {"name": "win-srv2sys-code-execution(53090)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090"}, {"name": "20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:6489", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2009-3103", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka \"SMBv2 Negotiation Vulnerability.\" NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36299", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36299"}, {"name": "VU#135940", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/135940"}, {"name": "http://www.microsoft.com/technet/security/advisory/975497.mspx", "refsource": "CONFIRM", "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"}, {"name": "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1", "refsource": "MISC", "url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1"}, {"name": "http://blog.48bits.com/?p=510", "refsource": "MISC", "url": "http://blog.48bits.com/?p=510"}, {"name": "MS09-050", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050"}, {"name": "TA09-286A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"}, {"name": "http://isc.sans.org/diary.html?storyid=7093", "refsource": "MISC", "url": "http://isc.sans.org/diary.html?storyid=7093"}, {"name": "36623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36623"}, {"name": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html", "refsource": "MISC", "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html"}, {"name": "1022848", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022848"}, {"name": "20090909 SMB SRV2.SYS Denial of Service PoC", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded"}, {"name": "9594", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9594"}, {"name": "20090907 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html"}, {"name": "57799", "refsource": "OSVDB", "url": "http://osvdb.org/57799"}, {"name": "win-srv2sys-code-execution(53090)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090"}, {"name": "20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:6489", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:14:56.044Z"}, "title": "CVE Program Container", "references": [{"name": "36299", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36299"}, {"name": "VU#135940", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/135940"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.48bits.com/?p=510"}, {"name": "MS09-050", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050"}, {"name": "TA09-286A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://isc.sans.org/diary.html?storyid=7093"}, {"name": "36623", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36623"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html"}, {"name": "1022848", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022848"}, {"name": "20090909 SMB SRV2.SYS Denial of Service PoC", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded"}, {"name": "9594", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/9594"}, {"name": "20090907 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html"}, {"name": "57799", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/57799"}, {"name": "win-srv2sys-code-execution(53090)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090"}, {"name": "20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:6489", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2009-3103", "datePublished": "2009-09-08T22:00:00", "dateReserved": "2009-09-08T00:00:00", "dateUpdated": "2024-08-07T06:14:56.044Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "7C684420-1614-4DAE-9BD9-F1FE9102A50F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:x32:*:*:*:*:*:*", "matchCriteriaId": "9517571A-BC1A-4838-A094-30081A86D36C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:x64:*:*:*:*:*:*", "matchCriteriaId": "CD7CA7F0-9C4D-4172-91BD-90A8C86EE337", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka \"SMBv2 Negotiation Vulnerability.\" NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Error de \u00edndice de matriz en la implementaci\u00f3n del protocolo SMBv2 en srv2.sys en Windows Vista versi\u00f3n Gold, SP1 y SP2, Windows Server 2008 versi\u00f3n Gold y SP2, y Windows 7 RC, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de sistema) por medio de un car\u00e1cter & (ampersand) en un campo de encabezado Process ID High en un paquete NEGOTIATE PROTOCOL REQUEST, que activa un intento de desreferencia de una ubicaci\u00f3n de memoria fuera de l\u00edmites, tambi\u00e9n se conoce como \"SMBv2 Negotiation Vulnerability\" NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros."}], "id": "CVE-2009-3103", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-09-08T22:30:00.517", "references": [{"source": "secure@microsoft.com", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html"}, {"source": "secure@microsoft.com", "url": "http://blog.48bits.com/?p=510"}, {"source": "secure@microsoft.com", "tags": ["Exploit"], "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html"}, {"source": "secure@microsoft.com", "url": "http://isc.sans.org/diary.html?storyid=7093"}, {"source": "secure@microsoft.com", "url": "http://osvdb.org/57799"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36623"}, {"source": "secure@microsoft.com", "url": "http://www.exploit-db.com/exploits/9594"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/135940"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"}, {"source": "secure@microsoft.com", "url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/36299"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1022848"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.48bits.com/?p=510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.html?storyid=7093"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/57799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/135940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/36299"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}