This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote mail server may be affected by multiple vulnerabilities.
The installed version of Microsoft Exchange / Windows SMTP Service
is affected by at least one vulnerability :
- Incorrect parsing of DNS Mail Exchanger (MX) resource
records could cause the Windows Simple Mail Transfer
Protocol (SMTP) component to stop responding until
the service is restarted. (CVE-2010-0024)
- Improper allocation of memory for interpreting SMTP
command responses may allow an attacker to read random
email message fragments stored on the affected server.
- Predictable transaction IDs are used, which could allow
a man-in-the-middle attacker to spoof DNS responses.
- There is no verification that the transaction ID of a
response matches the transaction ID of a query, which
could allow a man-in-the-middle attacker to spoof DNS
See also :
Microsoft has released a set of patches for Windows 2000, XP, 2003,
and 2008 as well as Exchange Server 2000, 2003, 2007, and 2010.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.3
Public Exploit Available : true
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 45511 ()
Bugtraq ID: 39308393813990839910
CVE ID: CVE-2010-0024CVE-2010-0025CVE-2010-1689CVE-2010-1690
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.