What is CVE-2009-2526?

CVE-2009-2526 is a vulnerability in N/a. Published 2009-10-14.

Is CVE-2009-2526 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-2526

Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to th…

EPSS: 0.827 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Devender0508/Basic-vulnerability-scan-openvas
EricwentwithCyber/Vulnerability-Scan-Lab
uroboros-security/SMB-CVE

References

MS09-050 (x_refsource_MS, vendor-advisory)
TA09-286A (x_refsource_CERT, third-party-advisory)
oval:org.mitre.oval:def:5595 (x_refsource_OVAL, signature, vdb-entry)

Frequently asked questions

What is CVE-2009-2526?: CVE-2009-2526 is a vulnerability in N/a. Published 2009-10-14.
Is CVE-2009-2526 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.