Race Condition Vulnerability in Microsoft Windows Server and Client Products
CVE-2010-0021

5.9MEDIUM

Key Information:

Vendor

Microsoft
Status
Windows Server 2008
Windows Xp
Windows Vista
Windows 2003 Server
Vendor
CVE Published:
10 February 2010

What is CVE-2010-0021?

Multiple race conditions exist within the Server Message Block (SMB) implementation in various Microsoft Windows products. Attackers can exploit these vulnerabilities through specially crafted SMBv1 or SMBv2 Negotiate packets, potentially leading to a denial of service and causing the affected system to hang. This vulnerability underscores the importance of patching affected systems and implementing security measures to mitigate potential risks.

References

http://www.us-cert.gov/cas/techalerts/TA10-040A.html
third-party-advisoryx_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.