CVE-2010-0477

Microsoft Windows 7 - Resource Management Error

Description

The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by laurent gaffie · python · dos · windows
https://www.exploit-db.com/exploits/12273

Scores

EPSS 0.8638
EPSS Percentile 99.4%

Details

CWE CWE-399
Status published
Products (2)
microsoft/windows_7 (2 CPE variants)
microsoft/windows_server_2008 (2 CPE variants)
Published Apr 14, 2010
Tracked Since Feb 18, 2026