CVE-2010-1690
https://notcve.org/view.php?id=CVE-2010-1690
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. La implementación DNS en smtpsvc.dll anteriores a v6.0.2600.5949 en Microsoft Windows 2000 SP4 y anteriores, Windows XP SP3 y anteriores, Windows Server 2003 SP2 y anteriores, Windows Server 2008 SP2 y anteriores , Windows Server 2008 R2, Exchange Server 2003 SP3 y anteriores, Exchange Server 2007 SP2 y anteriores, y Exchange Server 2010 no verifican que IDs de transacción de respuestas, coinciden con con las IDs de las peticiones, lo que provoca que sea fácil que un atacante capture respuestas DNS mediante un ataque "hombre-en-medio" (man-in-the-middle), es una vulnerabilidad distinta a CVE-2010-0024 and CVE-2010-0025. • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html http://securitytracker.com/id?1023939 http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs http://www.securityfocus.com/bid/39910 • CWE-20: Improper Input Validation •
CVE-2010-0025
https://notcve.org/view.php?id=CVE-2010-0025
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." El componente SMTP en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Server 2008 Gold, SP2, y R2, y Exchange Server 2000 SP3, no asigna adecuadamente memoria para las replicas de comando SMTP, lo que permite a atacantes remotos leer fragmentos de mensajes e-mail por envío de una serio de comandos inválidos y luego enviando un comando STARTTLS, conocido también como "Vulnerabilidad de asignación de memoria SMTP." • http://secunia.com/advisories/39253 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12175 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-0238
https://notcve.org/view.php?id=CVE-2010-0238
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." Vulnerabilidad no especificada en la validación de la llave de registro en el kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Vista Gold permite a usuarios locales causar una denegación de servicio (reinicio) a través de una aplicación manipulada, conocido como "Windows Kernel Registry Key Vulnerability." • http://secunia.com/advisories/39373 http://www.securitytracker.com/id?1023850 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6793 • CWE-20: Improper Input Validation •
CVE-2010-0235
https://notcve.org/view.php?id=CVE-2010-0235
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Vista Gold no realiza adecuadamente la validación esperada antes de crear un enlace simbólico, lo que permite a usuarios locales causar una denegación de servicio (reinicio) a través de una aplicación manipulada, conocido como "Windows Kernel Symbolic Link Value Vulnerability." • http://secunia.com/advisories/39373 http://www.securitytracker.com/id?1023850 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7509 • CWE-20: Improper Input Validation •
CVE-2010-0234
https://notcve.org/view.php?id=CVE-2010-0234
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2 no valida adecuadamente un argumento del registro de claves en una llamada de sistema no especificada, lo que permite a usuarios locales causar una denegación de servicio (reinicio) a través de una aplicación manipulada, conocido también como "Windows Kernel Null Pointer Vulnerability." • http://secunia.com/advisories/39373 http://secunia.com/advisories/39374 http://www.securitytracker.com/id?1023850 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6814 • CWE-20: Improper Input Validation •