1. Home
  2. CVE Database
  3. CVE-2010-0024
MEDIUM · 5.0

CVE-2010-0024

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows rem...

Vulnerability Description

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
MicrosoftWindows 2000-
MicrosoftWindows Xp-
MicrosoftWindows 2003 Server-
MicrosoftWindows Server 2003-
MicrosoftWindows Server 2008-
MicrosoftExchange Server2000

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2010-0024?

CVE-2010-0024 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows rem...

How severe is CVE-2010-0024?

CVE-2010-0024 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-0024?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Xp, Microsoft Windows 2003 Server, Microsoft Windows Server 2003, Microsoft Windows Server 2008.