CVE-2020-1301

HIGH

Windows SMBv1 - Remote Code Execution via Malicious Request Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-1301. PoCs published by shubham0d.

AI-analyzed exploit summary This PoC exploits CVE-2020-1301, a vulnerability in SMBv1 that causes a BSOD by sending a malformed SMB packet with an IOCTL code (0x090100) and crafted data. It requires SMB1 support and a shared C: drive on the target.

Description

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.

Exploits (1)

nomisec WORKING POC 17 stars
by shubham0d · poc
https://github.com/shubham0d/CVE-2020-1301

This PoC exploits CVE-2020-1301, a vulnerability in SMBv1 that causes a BSOD by sending a malformed SMB packet with an IOCTL code (0x090100) and crafted data. It requires SMB1 support and a shared C: drive on the target.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows SMBv1 (affected versions per CVE-2020-1301)
Auth required
Prerequisites: SMBv1 enabled on target · C:\ drive shared · Valid credentials (or none if anonymous access is allowed)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.5953
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (21)
microsoft/windows_10
microsoft/windows_10 1607
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_10 1903
microsoft/windows_10 1909
microsoft/windows_10 2004
microsoft/windows_7
microsoft/windows_8.1
... and 11 more
Published Jun 09, 2020
Tracked Since Feb 18, 2026