Summary
The Microsoft Windows Simple Mail Transfer Protocol (SMTP) Server is prone to a denial-of-service vulnerability and to to an information-disclosure vulnerability.
Successful exploits of the denial-of-service vulnerability will cause the affected SMTP server to stop responding, denying service to legitimate users.
Attackers can exploit the information-disclosure issue to gain access to sensitive information. Any information obtained may lead to further attacks.
Solution
Microsoft released fixes to address this issue. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2010-0024, CVE-2010-0025 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Alt-N MDaemon SUBSCRIBE Remote Information Disclosure Vulnerability
- Code-Crafters Ability Mail Server IMAP FETCH Request Remote Denial Of Service Vulnerability
- Sendmail Parsing Redirection DOS
- Quick 'n Easy Mail Server SMTP Request Remote Denial Of Service Vulnerability
- Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability