6 matches found
CVE-2010-1690
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...
Code injection
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...
CVE-2010-1689
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...
CVE-2010-1690
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...
CVE-2010-1690
CVE-2010-1690 describes a DNS spoofing vulnerability in the Windows SMTP/Exchange DNS handling: smtpsvc.dll before 6.0.2600.5949 does not verify that DNS response transaction IDs match the corresponding query IDs, enabling potential MITM spoofing of DNS responses. Affected products span Windows 2...
CVE-2010-1689
The Red Hat and NVD entries confirm concrete details for CVE-2010-1689 and CVE-2010-1690: the DNS handling in smtpsvc.dll on Windows and Exchange product lines prior to specific builds uses predictable DNS transaction IDs (CVE-2010-1689) and does not verify that response IDs match queries (CVE-20...