CVE-2010-0025
Summary
| CVE | CVE-2010-0025 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-04-14 16:00:00 UTC |
| Updated | 2020-04-09 13:24:00 UTC |
| Description | The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Exchange Server | 2000 | sp3 | All | All |
| Application | Microsoft | Exchange Server | 2003 | sp2 | All | All |
| Application | Microsoft | Exchange Server | 2007 | sp1 | All | All |
| Application | Microsoft | Exchange Server | 2007 | sp2 | All | All |
| Application | Microsoft | Exchange Server | 2010 | - | All | All |
| Application | Microsoft | Exchange Server | 2000 | sp3 | All | All |
| Application | Microsoft | Exchange Server | 2003 | sp2 | All | All |
| Application | Microsoft | Exchange Server | 2007 | sp1 | All | All |
| Application | Microsoft | Exchange Server | 2007 | sp2 | All | All |
| Application | Microsoft | Exchange Server | 2010 | - | All | All |
| Operating System | Microsoft | Windows 2000 | - | sp4 | All | All |
| Operating System | Microsoft | Windows 2000 | - | sp4 | All | All |
| Operating System | Microsoft | Windows 2003 Server | - | sp2 | All | All |
| Operating System | Microsoft | Windows 2003 Server | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | r2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | r2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp3 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Microsoft Security Bulletin MS10-024 - Important | Microsoft Docs | MS | docs.microsoft.com | Patch, Vendor Advisory |
| Microsoft Exchange Server 2000 Information Disclosure Vulnerability - Advisories - Community | SECUNIA | secunia.com | Third Party Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | Third Party Advisory |
| US-CERT Technical Cyber Security Alert TA10-103A -- Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.