what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Core Security Technologies Advisory 2010.0427
Posted May 5, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Prior to MS10-024 the Windows SMTP Service generated DNS queries with trivially guessable values in the transaction ID field. The issue was addressed in MS10-024 by adding a call to the 'CAsyncDns::GenerateRandWord' method when building the DNS query. Prior to MS10-024 the Windows SMTP Service did not check that the value of the ID field of a DNS response received from the network actually matched the value of the ID field of a corresponding DNS query packet previously sent. The issue was addressed in MS10-024 by adding validation logic to the 'CAsyncDns::ProcessReadIO' method.

tags | advisory
systems | windows
advisories | CVE-2010-1689, CVE-2010-1690
MD5 | 880567661ec46f1b868bdc82eb8e77c7
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Venmo Transaction Scraped In Privacy Warning To Consumers
Posted Jun 18, 2019

tags | headline, privacy, bank, cybercrime, data loss, fraud, flaw, paypal
Facebook Launches Cryptocurrency To Shake Up Global Finance
Posted Jun 18, 2019

tags | headline, bank, facebook, cryptography
US And Russia Clash Over Power Grid Hack Attacks
Posted Jun 18, 2019

tags | headline, government, usa, russia, cyberwar, scada
Smash GandCrab Tool Released To Decrypt Ransomware
Posted Jun 18, 2019

tags | headline, malware, cybercrime, fraud, cryptography
Hacker Conference Speaker Axed Over Abortion Views
Posted Jun 17, 2019

tags | headline, government, usa, conference
Exposed Database Dumps PII Of 1.6 Million Job Seekers
Posted Jun 17, 2019

tags | headline, privacy, database, data loss
Telegram DDoS Attack Launched Mostly From China
Posted Jun 17, 2019

tags | headline, china, denial of service, social
U.S. Defense, Intelligence Ramps Up Efforts To Insert Malware In Russia's Grid
Posted Jun 17, 2019

tags | headline, government, usa, russia, cyberwar, scada
Evernote Critical Flaw Opened Personal Data Of Millions To Attack
Posted Jun 14, 2019

tags | headline, privacy, flaw, chrome
Spirit Confirms ASCO Industries Cyberattack
Posted Jun 14, 2019

tags | headline, malware, fraud
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close