← back
CVE-2009-2532

CVE-2009-2532

EPSS 62.2%
Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/14674unverifiedexploitdbwww.exploit-db.com/exploits/40280unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6336http://www.us-cert.gov/cas/techalerts/TA09-286A.html