CVE-2010-1689 — Microsoft Exchange Server vulnerability

4 documents4 sources

Severity

6.4MEDIUMNVD

CNA5.0

EPSS

25.8%

top 3.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server Microsoft Windows Server 2008

Timeline

PublishedMay 7

Latest updateMay 13

Description

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a differ…

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶NVDmicrosoft/exchange_server2003, 2007, 2010+2

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-2986-5hvv-7665: The DNS implementation in smtpsvc↗2022-05-13

▶

CVEList

CVE-2010-1689: The DNS implementation in smtpsvc↗2010-05-07

▶

💥Exploits & PoCs

Exploit-DB

Symantec Norton Internet Security 2004 - ActiveX Control Buffer Overflow (Metasploit)↗2010-05-09

▶