SMB Pathname Overflow Vulnerability in Microsoft Windows Products
CVE-2010-0020

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Server 2008; Windows Xp; Windows Vista; Windows 2003 Server
Vendor: CVE Published:; 10 February 2010

What is CVE-2010-0020?

The SMB implementation in the Server service of certain Microsoft Windows operating systems is susceptible to a vulnerability due to insufficient validation of request fields. This flaw enables remote authenticated users to send specially crafted requests that can lead to arbitrary code execution on the affected systems. It particularly impacts older versions of Windows, highlighting the importance of updating to mitigate such risks.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA10-040A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

39% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2010
Vulnerability Reserved
Dec 14, 2009