Memory Allocation Vulnerability in Microsoft Windows and Exchange Server Products
CVE-2010-0025

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000
Vendor: CVE Published:; 14 April 2010

Summary

The SMTP component in various Microsoft Windows and Exchange Server platforms suffers from a memory allocation vulnerability. This flaw allows remote attackers to exploit improperly allocated memory for SMTP command replies. By sending a series of crafted invalid commands followed by a STARTTLS command, attackers can potentially read fragments of email messages. This vulnerability raises significant security concerns surrounding email confidentiality and the integrity of affected systems.

References

http://secunia.com/advisories/39253

third-party-advisoryx_refsource_SECUNIA

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

54% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 14, 2010
Vulnerability Reserved
Dec 14, 2009