CVE-2010-0024

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA10-103A.html	Third Party Advisory US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-024	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7067	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2:::::x64:*
	cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

Configuration 3 (hide)

OR	cpe:2.3:o:microsoft:windows_2003_server:-:sp2:::::itanium:*
	cpe:2.3:o:microsoft:windows_server_2003:-:sp2::::::

Configuration 4 (hide)

OR	cpe:2.3:o:microsoft:windows_server_2008:-::::::x64:
	cpe:2.3:o:microsoft:windows_server_2008:-:r2:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x86:*

Configuration 5 (hide)

OR	cpe:2.3:a:microsoft:exchange_server:2000:sp3::::::
	cpe:2.3:a:microsoft:exchange_server:2003:sp2::::::
	cpe:2.3:a:microsoft:exchange_server:2007:sp1:::::x64:*
	cpe:2.3:a:microsoft:exchange_server:2007:sp2:::::x64:*
	cpe:2.3:a:microsoft:exchange_server:2010:-:::::x64:*

History

No history.

Information

Published : 2010-04-14 16:00

Updated : 2023-12-10 11:03

NVD link : CVE-2010-0024

Mitre link : CVE-2010-0024

CVE.ORG link : CVE-2010-0024

JSON object : View

Products Affected

microsoft

windows_2000
windows_2003_server
windows_server_2003
windows_xp
exchange_server
windows_server_2008

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2010-0024", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-04-14T16:00:00.587", "references": [{"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-024", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7067", "tags": ["Third Party Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka \"SMTP Server MX Record Vulnerability.\""}, {"lang": "es", "value": "El componente SMTP en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Server 2008 Gold, SP2, y R2, y Exchange Server 2000 SP3, no valida adecuadamente los registros MX, lo que permite a servidores DNS remotos causar una denegaci\u00f3n de servicio (apagado de servicio)a trav\u00e9s de respuestas manipuladas en una petici\u00f3n de registro MX, tambi\u00e9n conocido como \"Vulnerabilidad de registro MX en servidor SMTP\""}], "lastModified": "2020-04-09T13:22:59.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "BADB0479-3E0E-4326-B568-9DBDCACF0B5E"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:itanium:*", "vulnerable": true, "matchCriteriaId": "F2718248-E0DF-4707-82E6-C9D04287F7FC"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "F2F3C15B-1F4C-4E6C-A254-16F8A17F9A71"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:r2:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "D2CFC05C-282C-4146-AC21-BAE6AB9F1881"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E88E31D4-1120-4A18-BA65-E2C96B35E599"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71A2E549-5F21-4842-BEB3-380CD4029C16"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2007:sp1:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "07D4D57D-589F-430F-BC4E-9F25D5E4BD63"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2007:sp2:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "31E93FB8-3818-4213-BCB6-4C3070E8B771"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2010:-:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "E0AC8771-3111-4EED-ACD2-F5B15DD14E62"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}