CVE-2010-0477

N/A Unknown
Published: April 14, 2010 Modified: April 29, 2026
View on NVD

Description

The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/39372
Source: secure@microsoft.com
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
Source: secure@microsoft.com
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
Source: secure@microsoft.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6859
Source: secure@microsoft.com
http://secunia.com/advisories/39372
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6859
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
86.4%
99th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-399

Affected Vendors

microsoft

Related CVEs

CVE-2026-4827 N/A
CVE-2026-45218 7.7
CVE-2026-45215 5.3
CVE-2026-45214 8.5
CVE-2026-45213 7.6