CVE-2010-0476

Microsoft Windows SMB Client - Remote Code Execution via Crafted SMB Transaction Response

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0476.

AI-analyzed exploit summary This is a functional exploit for CVE-2010-020 (MS10-020), targeting a stack overflow in the Windows SMB client (Trans2 request handling). It sets up a malicious SMB server that sends crafted responses to trigger the vulnerability on connecting clients.

Description

The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."

Exploits (1)

exploitdb WORKING POC

pythondoswindows

https://www.exploit-db.com/exploits/12273

View Code ZIP pw:eip

This is a functional exploit for CVE-2010-020 (MS10-020), targeting a stack overflow in the Windows SMB client (Trans2 request handling). It sets up a malicious SMB server that sends crafted responses to trigger the vulnerability on connecting clients.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows 7/2008 R2 SMB Client

No auth needed

Prerequisites: Network access to target · Target must initiate SMB connection to attacker-controlled server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/39336

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/39372

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6918

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-103A.html

Scores

EPSS 0.3433

EPSS Percentile 98.2%

Details

CWE

CWE-399

Status published

Products (5)

microsoft/windows_2003_server (2 CPE variants)

microsoft/windows_7 (3 CPE variants)

microsoft/windows_server_2003

microsoft/windows_server_2008 (8 CPE variants)

microsoft/windows_vista (6 CPE variants)

Published Apr 14, 2010

Tracked Since Feb 18, 2026