CVE-2010-2566

2010-08-1118:47:51

CWE-20

[email protected]

web.nvd.nist.gov

secure channel

schannel

microsoft

windows

vulnerability

remote code execution

ssl

cve-2010-2566

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.864 High

EPSS

Percentile

98.6%

JSON

The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka “SChannel Malformed Certificate Request Remote Code Execution Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_server_2003sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

CPENameOperatorVersion
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_xpmicrosoft windows xpeq-

CPE	Name	Operator	Version
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_xp	microsoft windows xp	eq	-