ID CVE-2010-3937
Summary Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:exchange_server:2007:sp2:*:*:*:*:x64:*
    cpe:2.3:a:microsoft:exchange_server:2007:sp2:*:*:*:*:x64:*
CVSS
Base: 4.0 (as of 09-04-2020 - 13:25)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
msbulletin via4
bulletin_id MS10-106
bulletin_url
date 2010-12-14T00:00:00
impact Denial of Service
knowledgebase_id 2407132
knowledgebase_url
severity Moderate
title Vulnerability in Microsoft Exchange Server Could Allow Denial of Service
oval via4
accepted 2011-01-24T04:00:12.829-05:00
class vulnerability
contributors
name Dragos Prisaca
organization Symantec Corporation
definition_extensions
comment Microsoft Exchange Server 2007 SP2 is installed
oval oval:org.mitre.oval:def:12396
description Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
family windows
id oval:org.mitre.oval:def:12019
status accepted
submitted 2010-12-14T14:00:00
title Exchange Server Infinite Loop Vulnerability
version 8
refmap via4
bid 45297
cert TA10-348A
sectrack 1024888
Last major update 09-04-2020 - 13:25
Published 16-12-2010 - 19:33
Last modified 09-04-2020 - 13:25
Back to Top