NVD

Id
13203  
Name
CVE-2010-1690  
Description
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-05-07  
Modified Date
2010-05-10  
Seq
2010-1690  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
72956 13203 CVE-2010-1690 20100504 [CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities  View
72957 13203 CVE-2010-1690 1023939  View
72958 13203 CVE-2010-1690 http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs  View
72959 13203 CVE-2010-1690 39910  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
38967 JVNDB-2010-004752 Microsoft Windows 2000 SP4 などの smtpsvc.dll の DNS の実装における DNS 応答を偽装される脆弱性 Microsoft Windows 2000 SP4、Windows XP SP3、Windows Server 2003 SP2、Windows Server 2008 SP2、Windows Server 2008 R2、Exchange Server 2003 SP3、Exchange Server 2007 SP2、および Exchange Server 2010 の smtpsvc.dll の DNS の実装は、クエリの応答のトランザクション ID を検証しないため、DNS 応答を偽装される脆弱性が存在します。 CVE-2010-1690 44270 CVE-2010-1690 13203 6.4 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004752.html 2010-04-13 2012-09-25 View