Microsoft: Microsoft Windows SMB Client: Denial of Service via Malformed Response

CVE-2009-3676 · High · Published

  • CVSS: 7.1 High (Network)
  • EPSS: 0.56028 (56.0% chance of exploit in 30d)
  • CWE: CWE-399 Resource Management Errors
  • Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Summary

Per NVD: “The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka ‘SMB Client Incomplete Response Vulnerability’.”
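The two malformations NVD names are both length-framing errors: the session header's length field disagrees with the bytes actually received. The check below is an added illustration (not Microsoft's code and not part of this listing) of what a receiver should do before handing a response to an SMB parser: compare the declared length with the real payload and reject any mismatch instead of waiting or looping. It assumes the direct-hosted SMB over TCP framing (a zero byte followed by a 24-bit big-endian length); the sample packets are constructed, not captured.

```python
# Added example: validate SMB response framing before parsing (defensive check).
# Assumes direct-TCP SMB transport framing: 1 zero byte + 3-byte big-endian length.

SMB_MAGICS = (b"\xffSMB", b"\xfeSMB")  # SMBv1 and SMBv2 header signatures


def validate_smb_response(raw: bytes) -> str:
    """Return "ok", or a reason why the received response must be dropped.

    A receiver that trusts the declared length blindly will either wait for
    bytes that never arrive (length too large) or mis-parse the stray bytes
    that follow the message (length too small / extra trailing field).
    """
    if len(raw) < 4:
        return "short: no session header"
    declared = int.from_bytes(raw[1:4], "big")  # length claimed by the header
    payload = raw[4:]                             # bytes actually received
    if declared > len(payload):
        return f"truncated: header claims {declared} bytes, got {len(payload)}"
    if declared < len(payload):
        extra = len(payload) - declared
        return f"trailing data: {extra} unexpected byte(s) after payload"
    if len(payload) < 4 or payload[:4] not in SMB_MAGICS:
        return "not an SMB message"
    return "ok"


def frame(payload: bytes, declared: int = -1) -> bytes:
    """Constructed helper: prepend a session header, optionally lying about length."""
    n = len(payload) if declared < 0 else declared
    return b"\x00" + n.to_bytes(3, "big") + payload


# Constructed sample responses (not real captures)
GOOD_SMB2 = frame(b"\xfeSMB" + b"\x40\x00" + b"\x00" * 58)        # length matches
BAD_LENGTH = frame(b"\xffSMB" + b"\x00" * 28, declared=9999)       # claims more than sent
EXTRA_FIELD = frame(b"\xfeSMB" + b"\x00" * 60) + b"\x00\x00\x00\x10"  # stray field appended

if __name__ == "__main__":
    for name, pkt in (("good", GOOD_SMB2), ("bad_length", BAD_LENGTH), ("extra", EXTRA_FIELD)):
        print(name, "->", validate_smb_response(pkt))
```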

Affected Packages / Versions

  • Package: Microsoft Windows SMB Client (—)
  • Latest published version at triage time: Per NVD: Windows Server 2008 R2 / Windows 7 (RTM)
  • Affected range: Per NVD: Windows Server 2008 R2 and Windows 7 prior to MS10-006
  • Patched version: MS10-006 (February 2010 Patch Tuesday)

Impact

NVD’s description establishes a kernel-side denial of service on Windows hosts that initiate SMB connections to attacker-controlled servers, or to legitimate servers whose responses a man-in-the-middle attacker can alter. Because the flaw is in the client, the victim only needs to be induced to connect (for example by following a UNC path) for a malformed response to hang the system.

Severity Rationale

NVD CVSS v2 score 7.1 (only v2 metrics are available): network-reachable, no authentication required, and an availability-only impact (complete, since the host hangs).

Fix

Apply Microsoft Security Bulletin MS10-006.

Disclosure timeline

  • TBD: Reported to vendor
  • Feb 9, 2010: Patch released (MS10-006)
  • Feb 9, 2010: Public disclosure

Fix Commit(s)

References

Discovered by Praetorian Labs (per cve-research listing) · Published April 29, 2026