CVE-2010-0016

Summary

CVE	CVE-2010-0016
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2010-02-10 18:30:00 UTC
Updated	2019-02-26 14:04:00 UTC
Description	The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Microsoft	Windows 2000	-	sp4	All	All
Operating System	Microsoft	Windows 2000	-	sp4	All	All
Operating System	Microsoft	Windows Server 2003	All	sp2	All	All
Operating System	Microsoft	Windows Server 2003	All	sp2	All	All
Operating System	Microsoft	Windows Xp	All	sp2	professional_x64	All
Operating System	Microsoft	Windows Xp	All	sp3	All	All
Operating System	Microsoft	Windows Xp	-	sp2	home	All
Operating System	Microsoft	Windows Xp	-	sp3	home	All
Operating System	Microsoft	Windows Xp	All	sp2	professional_x64	All
Operating System	Microsoft	Windows Xp	All	sp3	All	All
Operating System	Microsoft	Windows Xp	-	sp2	home	All
Operating System	Microsoft	Windows Xp	-	sp3	home	All

References

Reference	Source	Link	Tags
US-CERT Technical Cyber Security Alert TA10-040A -- Microsoft Updates for Multiple Vulnerabilities	CERT	www.us-cert.gov	US Government Resource
Repository / Oval Repository	OVAL	oval.cisecurity.org
Microsoft Security Bulletin MS10-006 - Critical \| Microsoft Docs	MS	docs.microsoft.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.