Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.

Published

2010-05-07T18:30:01.640

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-310
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System microsoft windows_2000 - Yes
Operating System microsoft windows_2000 - Yes
Operating System microsoft windows_2000 - Yes
Operating System microsoft windows_2000 - Yes
Operating System microsoft windows_xp - Yes
Operating System microsoft windows_xp - Yes
Operating System microsoft windows_xp - Yes
Operating System microsoft windows_server_2003 - Yes
Operating System microsoft windows_server_2003 - Yes
Operating System microsoft windows_server_2008 - Yes
Operating System microsoft windows_server_2008 - Yes
Operating System microsoft windows_server_2008 r2 Yes
Application microsoft exchange_server 2003 Yes
Application microsoft exchange_server 2003 Yes
Application microsoft exchange_server 2003 Yes
Application microsoft exchange_server 2007 Yes
Application microsoft exchange_server 2007 Yes
Application microsoft exchange_server 2007 Yes
Application microsoft exchange_server 2010 Yes
References