CVE-2009-2526
EXPLOITEDMicrosoft Windows Vista-Server 2008 - DoS
Title source: llmDescription
Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
Exploits (2)
References (3)
Scores
EPSS
0.8141
EPSS Percentile
99.2%
Details
VulnCheck KEV
2017-06-20
CWE
CWE-399
Status
published
Products (2)
microsoft/windows_server_2008
(8 CPE variants)
microsoft/windows_vista
(6 CPE variants)
Published
Oct 14, 2009
Tracked Since
Feb 18, 2026