Information disclosure in Microsoft Exchange_server

CVE-2010-0025

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers t…

Vulnerability class: Information Disclosure

EPSS: 0.594 (98.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Exchange_server — versions 2000, 2007, 2003
Microsoft Windows_2000
Microsoft Windows_2003_server
Microsoft Windows_server_2003
Microsoft Windows_server_2008
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

39253 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
TA10-103A (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
MS10-024 (x_refsource_MS, vendor-advisory, Patch, Vendor Advisory)
oval:org.mitre.oval:def:12175 (signature, x_refsource_OVAL, Third Party Advisory, vdb-entry)