OS-WINDOWS Microsoft Windows SMB andx invalid server name share access
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
CVSS base score 7.8 CVSS impact score 6.9 CVSS exploitability score 10.0 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE
CVE-2010-0022:
CVSS base score 7.8
CVSS impact score 6.9
CVSS exploitability score 10.0
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
CVE-2010-0022: The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
CVE-2010-0022:
Access Vector NETWORK
Access Complexity LOW
Authentication NONE
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.