CVE-2010-0017

2010-02-1018:30:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2010-0017

smb client

windows

code execution

privilege escalation

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.6%

JSON

Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka “SMB Client Race Condition Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_7Match-

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_server_2008Match-sp2x64

microsoftwindows_server_2008Matchr2

microsoftwindows_vista

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_vistaMatch--x64

CPENameOperatorVersion
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_vistamicrosoft windows vistaeq-

CPE	Name	Operator	Version
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_vista	microsoft windows vista	eq	-