Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0017Race Condition in Microsoft Windows Server 2008

CWE-362Race Condition9 documents7 sources
Severity
9.3CRITICALNVD
EPSS
43.9%
top 2.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows Server 2008
Timeline
PublishedFeb 10
Latest updateMay 2

Description

Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-p829-jg83-8jr6: Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle atta2022-05-02

💥Exploits & PoCs

2
Exploit-DB
Microsoft Windows - SMB Client-Side Bug (PoC) (MS10-006)2010-04-16
Metasploit
Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop

🔍Detection Rules

1
Suricata
ET NETBIOS Microsoft Windows SMB Client Race Condition Remote Code Execution2010-12-22

💬Community

2
Bugzilla
CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-5.6]2010-12-03
Bugzilla
CVE-2010-3296 kernel: drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory2010-09-13