Lucene search

PRIOn knowledge basePRION:CVE-2010-2566

HistoryAug 11, 2010 - 6:47 p.m.

Remote code execution

2010-08-1118:47:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.907 High

EPSS

Percentile

98.7%

JSON

The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka “SChannel Malformed Certificate Request Remote Code Execution Vulnerability.”

CPENameOperatorVersion
windows_xpeq sp2x64

CPE	Name	Operator	Version
	windows_xp	eq	sp2x64

References

www.us-cert.gov/cas/techalerts/TA10-222A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11787

8.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.907 High

EPSS

Percentile

98.7%

JSON

Related for PRION:CVE-2010-2566