CVE-2010-0025

2010-04-1416:00:00

CWE-200

[email protected]

web.nvd.nist.gov

microsoft

windows

smtp

vulnerability

memory allocation

nvd

cve-2010-0025

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.299 Low

EPSS

Percentile

96.9%

JSON

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka “SMTP Memory Allocation Vulnerability.”

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq-
microsoft:windows_xpmicrosoft windows xpeq-
microsoft:windows_server_2003microsoft windows server 2003eq-
microsoft:windows_2003_servermicrosoft windows 2003 servereq-
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:exchange_servermicrosoft exchange servereq2000
microsoft:exchange_servermicrosoft exchange servereq2003
microsoft:exchange_servermicrosoft exchange servereq2007
microsoft:exchange_servermicrosoft exchange servereq2010

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	-
microsoft:windows_xp	microsoft windows xp	eq	-
microsoft:windows_server_2003	microsoft windows server 2003	eq	-
microsoft:windows_2003_server	microsoft windows 2003 server	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:exchange_server	microsoft exchange server	eq	2000
microsoft:exchange_server	microsoft exchange server	eq	2003
microsoft:exchange_server	microsoft exchange server	eq	2007
microsoft:exchange_server	microsoft exchange server	eq	2010