Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-2566 | First vendor Publication | 2010-08-11 |
| Vendor | Cve | Last vendor Modification | 2019-02-26 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2566 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11787 | |||
| Oval ID: | oval:org.mitre.oval:def:11787 | ||
| Title: | SChannel Malformed Certificate Request Remote Code Execution Vulnerability | ||
| Description: | The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2566 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 2 | |
| Os | 1 | |
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-08-11 | Name : Remote Code Execution Vulnerabilities in SChannel (980436) File : nvt/secpod_ms10-049.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 66987 | Microsoft Windows SChannel Malformed Certificate Request Remote Code Execution Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue exists in the way that SChannel on a client machine validates a certificate request message sent by the server, and can result in convincing a user to view the malicious Web site containing arbitrary code. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-03-20 | Microsoft Windows secure channel malformed certificate request memory corrupt... RuleID : 29823 - Revision : 4 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-04-03 | Name : The remote web server may allow remote code execution. File : iis_7_pci.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : It may be possible to execute arbitrary code on the remote Windows host using... File : smb_nt_ms10-049.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:11:46 |
|
| 2021-04-22 01:12:22 |
|
| 2020-05-23 00:26:04 |
|
| 2019-02-26 17:19:33 |
|
| 2018-10-13 00:22:58 |
|
| 2017-09-19 09:23:50 |
|
| 2016-04-26 19:56:19 |
|
| 2014-03-20 21:21:24 |
|
| 2014-02-17 10:56:17 |
|
| 2013-05-10 23:28:26 |
|
