Info

Disclosure

Oct 13, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 13, 2009

Description

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user submits a specially crafted SMBv2 packet causing an infinite loop, and will result in loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft Corporation has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows Vista	SP1
		SP2
		SP0
	Windows Server 2008	SP2
		SP0

References

CVE ID: 2009-2526 (see also: NVD)
Related OSVDB ID: 57799 58876
Microsoft Knowledge Base Article: 975517
Vendor URL: http://www.microsoft.com
Microsoft Security Bulletin: MS09-050

Credit

Matthieu Suiche -

Direct URL: http://osvdb.org/58875

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows Vista

Windows Server 2008

References

Credit