CVE-2010-2567
Description
The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka RPC Memory Corruption Vulnerability.
Risk Information
Base Score
6.2
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
18.556
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| ms10-066: vulnerability in remote procedure call could allow remote code execution for Windows XP (KB982802) | Windows |
| ms10-066: vulnerability in remote procedure call could allow remote code execution for Windows Server 2003 (KB982802) | Windows |
| ms10-066: vulnerability in remote procedure call could allow remote code execution for Windows XP x64 Edition (KB982802) | Windows |
| ms10-066: vulnerability in remote procedure call could allow remote code execution for Windows Server 2003 x64 Edition (KB982802) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-9144 | Security Update for Windows Server 2003 (KB982802) |
| PATCH-9145 | Security Update for Windows XP x64 Edition (KB982802) |
| PATCH-9146 | Security Update for Windows Server 2003 x64 Edition (KB982802) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234