DNS Spoofing Vulnerability in Microsoft Windows and Exchange Server
CVE-2010-1690

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000
Vendor: CVE Published:; 7 May 2010

What is CVE-2010-1690?

A vulnerability exists in the DNS implementation within smtpsvc.dll in various versions of Microsoft Windows and Exchange Server that fails to ensure the matching of transaction IDs between DNS response and query. This oversight allows attackers to perform man-in-the-middle attacks, facilitating DNS spoofing and compromising the integrity of DNS transactions.

References

http://www.coresecurity.com/content/CORE-2010-0424-window...

x_refsource_MISC

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/39910

vdb-entryx_refsource_BID

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 7, 2010