CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS10-023 | Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160) | Microsoft Exchange | Critical | 14-04-2010 |
Technical Information
Brief overview of the risk:
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service.
Detailed Information on the risk:
A denial of service vulnerability exists in the way that the Microsoft Windows Simple Mail Transfer Protocol (SMTP) component handles specially crafted DNS Mail Exchanger (MX) resource records. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the SMTP service. An attacker who successfully exploited this vulnerability could cause the SMTP service to stop responding until restarted.
Further information on this exploit is available at : MS10-024
Affected Software
Microsoft Exchange Server 2000 Service Pack 3Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007 Service Pack 1 for x64-based Systems
Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems
Microsoft Exchange Server 2010 for x64-based Systems
Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems
Windows XP Professional x64 Edition Service Pack 2