CVE-2010-0017 : Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB serv

Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."

Published 2010-02-10 18:30:01

Updated 2023-12-07 18:38:57

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2010-0017

Probability of exploitation activity in the next 30 days: 0.66%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2010-0017

Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop

First seen: 2020-04-26

auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop

This module exploits a denial of service flaw in the Microsoft Windows SMB client on Windows 7 and Windows Server 2008 R2. To trigger this bug, run this module as a service and forces a vulnerable client to access the IP of this system as an SMB server. This can be

More information

CVSS scores for CVE-2010-0017

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-0017

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0017

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8298

Repository / Oval Repository
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-006

Microsoft Security Bulletin MS10-006 - Critical | Microsoft Docs

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA10-040A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url

Products affected by CVE-2010-0017

Microsoft » Windows Vista » Update SP2
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP1
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Version: N/A X64 Edition
cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » X32 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2 Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
Matching versions