SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol
"SMBleed" (CVE-2020-1206) by cybersecurity firm ZecOps, the flaw resides in SMB's decompression function — the same function as with SMBGhost or EternalDarkness bug (CVE-2020-0796), which came to light three months ago, potentially opening vulnerable Windows systems to malware attacks that can propagate across networks.

The newly discovered vulnerability impacts Windows 10 versions 1903 and 1909, for which Microsoft today released security patches as part of its monthly Patch Tuesday updates for June.


The development comes as the US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory last week warning Windows 10 users to update their machines after exploit code for SMBGhost bug was published online last week.

SMBGhost was deemed so serious that it received a maximum severity rating score of 10.

According to Israeli cybersecurity company JSOF—who discovered these flaws—the affected devices are in use across various industries, ranging from home/consumer devices to medical, healthcare, data centers, enterprises, telecom, oil, gas, nuclear, transportation, and many others across critical infrastructure.


CVE-2020-11896 (CVSS v3 base score 10.0): Improper handling of length parameter inconsistency in IPv4/UDP component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in remote code execution.

CVE-2020-11897 (CVSS v3 base score 10.0): Improper handling of length parameter inconsistency in IPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in possible out-of-bounds write.

CVE-2020-11898 (CVSS v3 base score 9.8): Improper handling of length parameter inconsistency in IPv4/ICMPv4 component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in the exposure of sensitive information.

CVE-2020-11899 (CVSS v3 base score 9.8): Improper input validation in the IPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow exposure of sensitive information.

CVE-2020-11900 (CVSS v3 base score of 9.3): Possible double free in IPv4 tunneling component when handling a packet sent by a network attacker. This vulnerability may result in remote code execution.

CVE-2020-11901 (CVSS v3 base score 9.0): Improper input validation in the DNS resolver component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in remote code execution.

presented by 『∨・丂 』☣️ |n0v@T0®

Ｔｅａｍ ・Ｖｅｎ๏ ｍＳＥＣ☣️

🔰 PPS SMS BOMBER 🔰

🔶 Features -
🔷 Unlimited And Super-Fast Bombing
🔷 International Bombing
🔷 Call Bombing
🔷Protection List
🔷 Automated Future Updates
🔷 Easy To Use And Embed in Code

⬇️ Link-
https://github.com/xx-BireN-xx/PPSBomb

⬇️ Termux-
https://play.google.com/store/apps/details?id=com.termux

🔱 Best Pentration-Testing Rom For Android* 🔱

🌟 kekHunter Rom 🌟

🎯 Support Multiple devices
🎯 Custom applications
🎯 Support Android Q
🎯 Kernal with HID support
🎯 & Lot's of features to make your hacking experience better on your device
🛡Soon more devices will be added in support list🛡

Installation and setup video is coming soon for Poco F1🙂

let's crack Wi-Fi password using KekHunter ROM 😍 Installation video is coming soon 😊 Please support developers by joining their channel.
#TEAM420
# TEAMVenomSEC☣

✉️ Next Video Topic 🙂

Poll is anonymous!

┌ How To Create A Secure Website (163 votes)
└ ▬▬▬▭▭▭▭▭▭▭ (37%)

┌ WordPress Website Hack & secure (276 votes)
└ ▬▬▬▬▬▬▭▭▭▭ (63%)

439 users voted so far