CVE-2010-2550

Microsoft Windows SMB Server - Remote Code Execution via Crafted SMB Packet

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-2550. PoCs published by laurent gaffie, including Metasploit module auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow.

AI-analyzed exploit summary: This exploit targets CVE-2010-2550, a vulnerability in the Microsoft Windows SMB protocol. It sends a malformed Trans2 packet to trigger a denial-of-service (DoS) condition by crashing the target system.

Description

The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by laurent gaffie · python · dos · windows
https://www.exploit-db.com/exploits/14607

This exploit targets CVE-2010-2550, a vulnerability in Microsoft Windows SMB protocol. It sends a malformed Trans2 packet to trigger a denial-of-service (DoS) condition by crashing the target system.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows SMB (affecting Windows XP, Server 2003, Vista, Server 2008)
No auth needed
Prerequisites: Network access to the target's SMB port (445)
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow.rb

This Metasploit module exploits a pool overflow vulnerability in Microsoft Windows SRV.SYS via a malformed SMB Transaction2 request, leading to a denial-of-service (blue screen) condition. The exploit targets unpatched systems prior to the August 2010 Patch Tuesday updates.

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows SMB service (pre-MS10-054 patch)
Auth required
Prerequisites: Access to a readable SMB share · Authentication credentials (unless guest access is enabled)
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11106

Scores

EPSS 0.7975
EPSS Percentile 99.1%

Details

CWE: CWE-20
Status: published
Products (6)
microsoft/windows_2003_server (2 CPE variants)
microsoft/windows_7 (2 CPE variants)
microsoft/windows_server_2003
microsoft/windows_server_2008 (8 CPE variants)
microsoft/windows_vista (3 CPE variants)
microsoft/windows_xp (2 CPE variants)
Published Aug 11, 2010
Tracked Since Feb 18, 2026