DNS Spoofing Vulnerability in Microsoft Windows and Exchange Servers
CVE-2010-1689

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000
Vendor: CVE Published:; 7 May 2010

What is CVE-2010-1689?

The DNS implementation within smtpsvc.dll across various versions of Microsoft Windows and Exchange Server is vulnerable due to predictable transaction IDs. This weakness allows attackers to carry out man-in-the-middle attacks by spoofing DNS responses, thereby potentially redirecting users or accessing sensitive information. This issue particularly affects legacy systems, making it essential for organizations to assess and fortify their security posture against such vulnerabilities.

References

http://www.coresecurity.com/content/CORE-2010-0424-window...

x_refsource_MISC

http://www.securityfocus.com/bid/39908

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 7, 2010