1. Home
  2. CVE Database
  3. CVE-2010-0476
HIGH · 10.0

CVE-2010-0476

The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code ...

Vulnerability Description

The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftWindows 7All versions
MicrosoftWindows 2003 ServerAll versions
MicrosoftWindows Server 2003All versions
MicrosoftWindows Server 2008All versions
MicrosoftWindows VistaAll versions

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2010-0476?

CVE-2010-0476 is a vulnerability with a CVSS score of 10.0 (HIGH). The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code ...

How severe is CVE-2010-0476?

CVE-2010-0476 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-0476?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 7, Microsoft Windows 2003 Server, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista.