CVE-2010-1690Improper Input Validation in Microsoft Exchange Server

CWE-20Improper Input Validation3 documents3 sources
Severity
6.4MEDIUMNVD
CNA5.0
EPSS
20.7%
top 4.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Exchange ServerMicrosoft Windows Server 2008
Timeline
PublishedMay 7
Latest updateMay 13

Description

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a differe

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

NVDmicrosoft/exchange_server2003, 2007, 2010+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-xc9g-2j8f-74wm: The DNS implementation in smtpsvc2022-05-13
CVEList
CVE-2010-1690: The DNS implementation in smtpsvc2010-05-07
CVE-2010-1690 — Improper Input Validation in Microsoft | cvebase