CVE-2009-2526

2009-10-1410:30:00

CWE-399

[email protected]

web.nvd.nist.gov

microsoft

windows

vista

server 2008

smbv2

infinite loop

vulnerability

denial of service

cve-2009-2526

nvd

6.5 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.799 High

EPSS

Percentile

98.3%

JSON

Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka “SMBv2 Infinite Loop Vulnerability.”

CPENameOperatorVersion
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_vistamicrosoft windows vistaeq-

CPE	Name	Operator	Version
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_vista	microsoft windows vista	eq	-