CVE-2010-0476

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 Microsoft Windows Vista Gold, SP1, and SP2 Microsoft Windows Server 2008 Gold and SP2

Description The issue allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service via a crafted SMB transaction response. This can be achieved using either SMBv1 or SMBv2. An unauthenticated remote code execution vulnerability exists in the way the Microsoft Server Message Block (SMB) client implementation parses specially crafted SMB transaction responses. An attacker who successfully exploits this issue could take complete control of the system.

Recommendations For Microsoft Windows Server 2003 SP2, update to a version that includes the fix for this issue. For Microsoft Windows Vista Gold, SP1, and SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 Gold and SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting SMB traffic to minimize the risk of exploitation.