OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt
The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
CVSS base score 9.3 CVSS impact score 10.0 CVSS exploitability score 8.6 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE
CVE-2010-2566:
CVSS base score 9.3
CVSS impact score 10.0
CVSS exploitability score 8.6
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
CVE-2010-2566: The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
CVE-2010-2566:
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.