Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3960 — Improper Input Validation in Microsoft Windows Server 2008

CWE-20 — Improper Input Validation4 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

1.5%

top 19.00%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows Server 2008

Timeline

PublishedDec 16

Latest updateMay 14

Description

Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-c75v-x4mp-38cg: Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted enca↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft HyperV - Persistent Denial of Service (MS11-047)↗2011-06-14

▶

Exploit-DB

Adobe (Multiple Products) - XML External Entity / XML Injection↗2010-02-22

▶