CVE-2010-2567

The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

History

21 Nov 2024, 01:16

Type Values Removed Values Added
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-066 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-066 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7177 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7177 -

Information

Published : 2010-09-15 19:00

Updated : 2024-11-21 01:16


NVD link : CVE-2010-2567

Mitre link : CVE-2010-2567

CVE.ORG link : CVE-2010-2567


JSON object : View

Products Affected

microsoft

  • windows_server_2003
  • windows_xp
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')