CVE-2010-3937 — Infinite Loop in Microsoft Exchange Server

CWE-3993 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

33.7%

top 3.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server

Timeline

PublishedDec 16

Latest updateMay 13

Description

Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/exchange_server2007

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-mggf-xr95-8r5v: Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS↗2022-05-13

▶

CVEList

CVE-2010-3937: Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS↗2010-12-16

▶