Summary
Microsoft Windows is prone to a remote code-execution vulnerability when processing the protocol headers for the Server Message Block (SMB) Negotiate Protocol Request.
NOTE: Reportedly, for this issue to be exploitable, file sharing must be enabled.
An attacker can exploit this issue to execute code with SYSTEM-level privileges
failed exploit attempts will likely cause denial-of- service conditions.
Windows 7 RC, Vista and 2008 Server are vulnerable other versions may
also be affected.
NOTE: Reportedly, Windows XP and 2000 are not affected.
UPDATE (September 9, 2009): Symantec has confirmed the issue on Windows Vista SP1 and Windows Server 2008.
References
- http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx
- http://blogs.technet.com/srd/archive/2009/09/18/update-on-the-smb-vulnerability.aspx
- http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html
- http://www.kb.cert.org/vuls/id/135940
- http://www.microsoft.com/technet/security/advisory/975497.mspx
- http://www.microsoft.com/windows/products/windowsvista/default.mspx
- http://www.microsoft.com/windows/windows-7/
- http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1
- http://www.securityfocus.com/archive/1/506300
- http://www.securityfocus.com/archive/1/506327
- http://www.securityfocus.com/bid/36299
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-3103 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Windows Address Book Insecure Library Loading Vulnerability
- Microsoft Windows Indeo Codec Multiple Vulnerabilities
- Computer Associates WebScan ActiveX Control Multiple Remote Code Execution Vulnerabilities
- Cisco VPN Client Privilege Escalation Vulnerability
- Microsoft Windows 32-bit Platforms Unspecified vulnerabilities