CVE-2010-0020

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue arises from the improper validation of request fields in the SMB implementation, allowing remote authenticated users to execute arbitrary code via a malformed request. An authenticated remote code execution issue exists in the way Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attacker could exploit this by sending a specially crafted network message to a system running the Server service as an authenticated user. Successful exploitation could result in complete control of the affected system, although it will most probably cause a Denial of Service condition.

Recommendations For Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.