CVE-2009-3676

The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:C
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
microsoftwindows_7
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
http://news.cnet.com/8301-27080_3-10395891-245.html
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
http://seclists.org/fulldisclosure/2009/Nov/134
http://secunia.com/advisories/37347
http://secunia.com/blog/66/
http://www.microsoft.com/technet/security/advisory/977544.mspx
http://www.securitytracker.com/id?1023179
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
http://www.vupen.com/english/advisories/2009/3216
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7186
http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
http://news.cnet.com/8301-27080_3-10395891-245.html
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
http://seclists.org/fulldisclosure/2009/Nov/134
http://secunia.com/advisories/37347
http://secunia.com/blog/66/
http://www.microsoft.com/technet/security/advisory/977544.mspx
http://www.securitytracker.com/id?1023179
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
http://www.vupen.com/english/advisories/2009/3216
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7186