6.4

CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2000 Version- Updatesp1
MicrosoftWindows 2000 Version- Updatesp2
MicrosoftWindows 2000 Version- Updatesp3
MicrosoftWindows 2000 Version- Updatesp4
MicrosoftWindows Xp Version- Updatesp1
MicrosoftWindows Xp Version- Updatesp2
MicrosoftWindows Xp Version- Updatesp3
MicrosoftWindows Server 2003 Version- Updatesp1
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Server 2008 Version- Updatesp1
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Update-
MicrosoftExchange Server Version2003 Update-
MicrosoftExchange Server Version2003 Updatesp1
MicrosoftExchange Server Version2003 Updatesp2
MicrosoftExchange Server Version2007 Update-
MicrosoftExchange Server Version2007 Updatesp1
MicrosoftExchange Server Version2007 Updatesp2
MicrosoftExchange Server Version2010 Update-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 25.77% 0.961
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
http://securitytracker.com/id?1023939
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/39908
Third Party Advisory
VDB Entry