Vulnerability CVE-2010-1690
Published: 2010-05-07   Modified: 2012-02-13

Description:
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Microsoft -> Exchange server 
Microsoft -> Windows 2000 
Microsoft -> Windows 2003 server 
Microsoft -> Windows server 2003 
Microsoft -> Windows server 2008 
Microsoft -> Windows xp 

 References:
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html
http://securitytracker.com/id?1023939
http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs
http://www.securityfocus.com/bid/39910
Copyright 2024, cxsecurity.com

 

Back to Top