Vulnerability CVE-2010-2550

Vulnerability CVE-2010-2550

Published: 2010-08-11 Modified: 2012-02-13

Description:

The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."

See advisories in our WLB2 database:

	Topic	Author	Date
High	Microsoft SMB Server Trans2 Zero Size Pool Alloc	Laurent Gaffie	12.08.2010

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Microsoft -> Windows 2003 server
Microsoft -> Windows 7
Microsoft -> Windows server 2003
Microsoft -> Windows server 2008
Microsoft -> Windows vista
Microsoft -> Windows xp

References:

http://www.us-cert.gov/cas/techalerts/TA10-222A.html

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-054

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11106

Copyright 2024, cxsecurity.com