CVE-2010-0269

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2

Description The issue arises from the improper allocation of memory for SMB responses by the SMB client in Microsoft Windows, allowing remote SMB servers and man-in-the-middle attackers to execute arbitrary code via crafted SMBv1 or SMBv2 responses. This is an unauthenticated remote code execution vulnerability, where an attacker can exploit the issue by sending a specially crafted SMB response to a client-initiated SMB request, potentially leading to the execution of arbitrary code and complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, consider disabling SMBv1 and SMBv2 protocols until a patch is available. As a temporary workaround, restrict access to SMB services to minimize the risk of exploitation. Avoid using SMB services for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.