CVE-2009-3103
CVE-2009-3103
Vexday Risk Score
82Corregir ahora
Decisión SSVC (CISA)
Act
Explotación + impacto → acción inmediata
Madurez del exploit
Exploit funcional
PoC popular en GitHub (5 estrellas) — código de explotación ampliamente disponible.
CVSS —EPSS 90.1%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Ciclo de vida
07 sep 2009Exploit Metasploit disponible
08 sep 2009Publicada en NVD
09 sep 2009PoC pública
Velocidad de armamento
el mismo díahasta el primer PoC
Armada rápidamente — los atacantes priorizaron esta vulnerabilidad. Corrige con urgencia.
Recomendación: Corregir cuanto antes — hay explotación activa confirmada.
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
Productos afectados
n/a · n/aPoCs públicas encontradas — 15
githubgithub.com/Sic4rio/CVE-2009-3103---srv2.sys-SMB-Code-Execution-Python-MS09-050-★ 5githubgithub.com/sooklalad/ms09050★ 1githubgithub.com/afifudinmtop/CVE-2009-3103★ 0githubgithub.com/sec13b/ms09-050_CVE-2009-3103★ 0githubgithub.com/nicolasdamians/ms09-050-CVE-2009-3103-exploit★ 0exploitdbwww.exploit-db.com/exploits/14674no verificadoexploitdbwww.exploit-db.com/exploits/16363no verificadovulncheckvulncheck.com/xdb/3be3ed122bdano verificadovulncheckvulncheck.com/xdb/af8d74b46f87no verificadocve_referencewww.exploit-db.com/exploits/9594no verificadovulncheckvulncheck.com/xdb/f50cdfe8ce2bno verificadoexploitdbwww.exploit-db.com/exploits/12524no verificadoexploitdbwww.exploit-db.com/exploits/10005no verificadoexploitdbwww.exploit-db.com/exploits/9594no verificadoexploitdbwww.exploit-db.com/exploits/40280no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.htmlhttp://blog.48bits.com/?p=510http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.htmlhttp://isc.sans.org/diary.html?storyid=7093http://osvdb.org/57799https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050http://secunia.com/advisories/36623https://exchange.xforce.ibmcloud.com/vulnerabilities/53090https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489http://www.exploit-db.com/exploits/9594http://www.kb.cert.org/vuls/id/135940http://www.microsoft.com/technet/security/advisory/975497.mspx