Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2526


Vulnerability Score 7.8 7.8
CVE Id CVE-2009-2526
Last Modified 21 Aug 2010 01:34:04
Published 14 Oct 2009 06:30:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 -

  • Microsoft Windows Vista

  • Microsoft Windows Vista -


CERT - TA09-286A

MS - MS09-050

Last Updated: 27 May 2016 10:50:56