CVE-2009-3103

EXPLOITED RANSOMWARE

Microsoft Windows Server 2008 - Resource Management Error

Title source: rule

Description

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.

Exploits (14)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16363
exploitdb WORKING POC VERIFIED
by Jelmer de Hen · python · dos · windows
https://www.exploit-db.com/exploits/12524
exploitdb WORKING POC VERIFIED
by laurent gaffie · python · dos · windows
https://www.exploit-db.com/exploits/10005
exploitdb WORKING POC VERIFIED
by laurent gaffie · text · dos · windows
https://www.exploit-db.com/exploits/9594
exploitdb WORKING POC
by ohnozzy · python · remote · windows
https://www.exploit-db.com/exploits/40280
exploitdb WORKING POC
by Piotr Bania · text · remote · windows
https://www.exploit-db.com/exploits/14674
nomisec WORKING POC 4 stars
by Sic4rio · remote
https://github.com/Sic4rio/CVE-2009-3103---srv2.sys-SMB-Code-Execution-Python-MS09-050-
nomisec WORKING POC 1 star
by sooklalad · poc
https://github.com/sooklalad/ms09050
nomisec WORKING POC
by afifudinmtop · remote
https://github.com/afifudinmtop/CVE-2009-3103
nomisec WORKING POC
by nicolasdamians · poc
https://github.com/nicolasdamians/ms09-050-CVE-2009-3103-exploit
nomisec WORKING POC
by sec13b · remote-auth
https://github.com/sec13b/ms09-050_CVE-2009-3103
metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh.rb
metasploit WORKING POC
by sf · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff.rb
metasploit WORKING POC GOOD
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb

Scores

EPSS 0.9286
EPSS Percentile 99.8%

Details

VulnCheck KEV 2017-06-20
Ransomware Use Confirmed
CWE CWE-399
Status published
Products (3)
microsoft/windows_server_2008 (5 CPE variants)
microsoft/windows_server_2008 sp2 x32 (2 CPE variants)
microsoft/windows_vista (3 CPE variants)
Published Sep 08, 2009
Tracked Since Feb 18, 2026