CVE-2010-0024

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA10-103A.html	Third Party Advisory US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7067	Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-024	Patch Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2:::::x64:*
	cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

Configuration 3 (hide)

OR	cpe:2.3:o:microsoft:windows_2003_server:-:sp2:::::itanium:*
	cpe:2.3:o:microsoft:windows_server_2003:-:sp2::::::

Configuration 4 (hide)

OR	cpe:2.3:o:microsoft:windows_server_2008:-::::::x64:
	cpe:2.3:o:microsoft:windows_server_2008:-:r2:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x86:*

Configuration 5 (hide)

OR	cpe:2.3:a:microsoft:exchange_server:2000:sp3::::::
	cpe:2.3:a:microsoft:exchange_server:2003:sp2::::::
	cpe:2.3:a:microsoft:exchange_server:2007:sp1:::::x64:*
	cpe:2.3:a:microsoft:exchange_server:2007:sp2:::::x64:*
	cpe:2.3:a:microsoft:exchange_server:2010:-:::::x64:*

Information

Published : 2010-04-14 09:00

Updated : 2020-04-09 06:22

NVD link : CVE-2010-0024

Mitre link : CVE-2010-0024

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

microsoft

windows_2003_server
windows_xp
windows_server_2008
exchange_server
windows_2000
windows_server_2003

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html", "name": "TA10-103A", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7067", "name": "oval:org.mitre.oval:def:7067", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-024", "name": "MS10-024", "tags": ["Patch", "Vendor Advisory"], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka \"SMTP Server MX Record Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-0024", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-04-14T16:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:r2:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2007:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2007:sp2:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2010:-:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-04-09T13:22Z"}