← back
CVE-2009-2526

CVE-2009-2526

EPSS 81.9%
Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/40280unverifiedexploitdbwww.exploit-db.com/exploits/14674unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5595http://www.us-cert.gov/cas/techalerts/TA09-286A.html