Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2009-3103

Description

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.

POC

Reference

- http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html

- http://isc.sans.org/diary.html?storyid=7093

- http://www.exploit-db.com/exploits/9594

- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050

Github

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Abdibimantara/Vulnerability-Asessment-Kioptrix-Level-1-Vulnhub

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/Dekiridi/ZeroHealth-Corp-Vulnerability-Assessment-Project

- https://github.com/EricwentwithCyber/Vulnerability-Scan-Lab

- https://github.com/Farhan7045/Internal

- https://github.com/Kiosec/Windows-Exploitation

- https://github.com/Maribel0370/Nebula-io

- https://github.com/Mr-Tree-S/POC_EXP

- https://github.com/Sic4rio/CVE-2009-3103---srv2.sys-SMB-Code-Execution-Python-MS09-050-

- https://github.com/ajb3932/AD_Pentesting

- https://github.com/amtzespinosa/kioptrix-walkthrough

- https://github.com/amtzespinosa/kioptrix1-walkthrough

- https://github.com/ankh2054/python-exploits

- https://github.com/joshchalabi/SMBv2-Exploit-PrivEsc

- https://github.com/n3masyst/n3masyst

- https://github.com/notsag-dev/htb-blue

- https://github.com/odolezal/D-Link-DIR-655

- https://github.com/rosonsec/Exploits

- https://github.com/sec13b/ms09-050_CVE-2009-3103

- https://github.com/sooklalad/ms09050

- https://github.com/uroboros-security/SMB-CVE