CVE-2010-2567

2010-09-1519:00:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-2567

rpc

remote procedure call

memory corruption

windows xp

windows server 2003

vulnerability

nvd

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

71.7%

JSON

The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka “RPC Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:windows_xpmicrosoft windows xpeq-
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_server_2003microsoft windows server 2003eq*