Oval Definition:oval:org.mitre.oval:def:7067
Revision Date:2014-08-18Version:28
Title:SMTP Server MX Record Vulnerability
Description:The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-0024
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows XP
Product(s):Microsoft Exchange Server 2003
SMTP
Definition Synopsis
  • Vulnerable Microsoft Windows 2000
  • Microsoft Windows 2000 is installed
  • AND The version of smtpsvc.dll is less than 5.0.2195.7381
  • OR Vulnerable Microsoft Windows XP (x86)
  • Microsoft Windows XP (32-bit) is installed
  • AND The version of smtpsvc.dll is less than 6.0.2600.3680
  • OR Vulnerable Microsoft Windows XP (x86)
  • Microsoft Windows XP (32-bit) is installed
  • AND The version of smtpsvc.dll is less than 6.0.2600.5949
  • OR Vulnerable Microsoft Windows XP x64, Server 2003 x86/x64/ia64
  • XP x64/server 2003 x86/x64/ia64
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND The version of smtpsvc.dll is less than 6.0.3790.4675
  • OR Vulnerable Microsoft Server 2008 32bit/x64
  • Microsoft Server 2008 32bit/x64
  • Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND GDR or LDR Service branch
  • The version of smtpsvc.dll is less than 7.0.6001.18485
  • OR LDR
  • The version of smtpsvc.dll is greater than or equal 7.0.6001.22000
  • AND The version of smtpsvc.dll is less than 7.0.6001.22704
  • OR Vulnerable Microsoft Windows Server 2008 32bit/x64
  • Microsoft Server 2008 32bit/x64
  • Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND GDR or LDR Service branch
  • The version of smtpsvc.dll is less than 7.0.6002.18264
  • OR LDR
  • The version of smtpsvc.dll is greater than or equal 7.0.6002.22000
  • AND The version of smtpsvc.dll is less than 7.0.6002.22417
  • OR Vulnerable Microsoft Windows Server 2008 R2 x86/x64/ia64
  • Microsoft Windows Server 2008 R2 x64 Edition is installed
  • AND GDR or LDR Service branch
  • The version of smtpsvc.dll is less than 7.5.7600.16601
  • OR LDR
  • The version of smtpsvc.dll is greater than or equal 7.5.7600.20000
  • AND The version of smtpsvc.dll is less than 7.5.7600.20723
  • OR Vulnerable Microsoft Exchange Server 2003 SP2
  • Microsoft Exchange Server 2003 Service Pack 2 is installed
  • AND The version of Msgfilter.dll is less than 6.5.7656.2
    • BACK