Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-0020
HistoryFeb 10, 2010 - 6:30 p.m.

CVE-2010-0020

2010-02-1018:30:00
CWE-94
CWE-20
[email protected]
web.nvd.nist.gov
94
microsoft windows
smb
server service
remote code execution
cve-2010-0020

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.938 High

EPSS

Percentile

99.1%

JSON

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka “SMB Pathname Overflow Vulnerability.”

Affected configurations

NVD
Node
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serversp2
OR
microsoftwindows_2003_serversp2itanium
OR
microsoftwindows_2003_serverMatch-sp2x64
OR
microsoftwindows_7Match-
OR
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x32
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_server_2008r2itanium
OR
microsoftwindows_server_2008r2x64
OR
microsoftwindows_server_2008sp2x32
OR
microsoftwindows_server_2008sp2x64
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_vista
OR
microsoftwindows_vistax64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2pro_x64
OR
microsoftwindows_xpsp3
OR
microsoftwindows_xpMatch-sp2x64

Related

prion 1
cvelist 1
checkpoint_advisories 1
nvd 1
exploitpack 1
securityvulns 2
openvas 4
nessus 3
exploitdb 1
threatpost 1
prion
prion
Buffer overflow
2010-02-10 18:30:00
cvelist
cvelist
CVE-2010-0020
2010-02-10 18:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft SMB COPY Command Pathname Overflow (MS10-012; CVE-2010-0020)
2010-02-09 00:00:00
nvd
nvd
CVE-2010-0020
2010-02-10 18:30:00
exploitpack
exploitpack
Microsoft Windows 72008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
2010-04-17 00:00:00
securityvulns
securityvulns
Microsoft Windows SMB server multiple security vulnerabilities
2010-02-10 00:00:00
Microsoft Security Bulletin MS10-012 - Important Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
2010-02-10 00:00:00
openvas
openvas
Microsoft Windows SMB Server Multiple Vulnerabilities (971468)
2010-02-10 00:00:00
Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
2010-10-22 00:00:00
Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
2010-10-22 00:00:00
nessus
nessus
MS10-012: Vulnerabilities in SMB Could Allow Remote Code Execution (971468)
2010-02-09 00:00:00
MS10-012: Vulnerabilities in SMB Could Allow Remote Code Execution (971468) (uncredentialed check)
2010-09-13 00:00:00
Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
2018-04-03 00:00:00
exploitdb
exploitdb
Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
2010-04-17 00:00:00
threatpost
threatpost
MS Patch Tuesday: 13 Bulletins, 26 Vulnerabilities
2010-02-09 19:33:53

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.938 High

EPSS

Percentile

99.1%

JSON
Related for CVE-2010-0020
prion1cvelist1checkpoint_advisories1nvd1exploitpack1securityvulns2openvas4nessus3exploitdb1threatpost1