MS09-050: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) (EDUCATEDSCHOLAR)

This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.

Synopsis :

The remote SMB server can be abused to execute code remotely.

Description :

The remote Windows host contains a vulnerable SMBv2 implementation with
the following issues :

- A specially crafted SMBv2 packet can cause an
infinite loop in the Server service. A remote,
unauthenticated attacker can exploit this to cause
a denial of service. (CVE-2009-2526)

- Sending a specially crafted SMBv2 packet to the Server
service can result in code execution. A remote,
unauthenticated attacker can exploit this to take
complete control of the system. (CVE-2009-2532,

EDUCATEDSCHOLAR is one of multiple Equation Group vulnerabilities and
exploits disclosed on 2017/04/14 by a group known as the Shadow

See also :

Solution :

Microsoft has released a set of patches for Windows Vista and 2008.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 42106

Bugtraq ID: 36299

CVE ID: CVE-2009-2526
