Vulnerability Description
The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://www.us-cert.gov/cas/techalerts/TA10-222A.htmlUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-04
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.us-cert.gov/cas/techalerts/TA10-222A.htmlUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-04
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2010-2566?
CVE-2010-2566 is a vulnerability with a CVSS score of 9.3 (HIGH). The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, w...
How severe is CVE-2010-2566?
CVE-2010-2566 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2566?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Microsoft Windows Server 2003, Microsoft Windows Xp.