CVE-2010-0477

Windows 7 and Windows Server 2008 - Remote Code Execution via Crafted SMB Response Packet

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0477. PoCs published by laurent gaffie.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2010-0270 (MS10-020), targeting a stack overflow vulnerability in the Windows SMB client on Windows 7 and 2008 R2. It sets up a malicious SMB server to trigger the vulnerability when a client connects.

Description

The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by laurent gaffie · pythondoswindows

https://www.exploit-db.com/exploits/12273

View Code ZIP pw:eip

This is a proof-of-concept exploit for CVE-2010-0270 (MS10-020), targeting a stack overflow vulnerability in the Windows SMB client on Windows 7 and 2008 R2. It sets up a malicious SMB server to trigger the vulnerability when a client connects.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Windows 7/2008 R2 SMB Client

No auth needed

Prerequisites: Network access to target · Target must initiate SMB connection to attacker-controlled server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/39372

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-103A.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6859

Scores

EPSS 0.5019

EPSS Percentile 98.8%

Details

CWE

CWE-399

Status published

Products (2)

microsoft/windows_7 (2 CPE variants)

microsoft/windows_server_2008 (2 CPE variants)

Published Apr 14, 2010

Tracked Since Feb 18, 2026