Lucene search

PRIOn knowledge basePRION:CVE-2010-0022

HistoryFeb 10, 2010 - 6:30 p.m.

Null pointer dereference

2010-02-1018:30:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.951 High

EPSS

Percentile

99.2%

JSON

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka “SMB Null Pointer Vulnerability.”

CPENameOperatorVersion
windows_2003_servereq sp2x64
windows_server_2008eq sp2itanium
windows_xpeq sp2x64

Name	Operator	Version
windows_2003_server	eq	sp2x64
windows_server_2008	eq	sp2itanium
windows_xp	eq	sp2x64

References

www.us-cert.gov/cas/techalerts/TA10-040A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8314

6.8 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.951 High

EPSS

Percentile

99.2%

JSON

Related for PRION:CVE-2010-0022