CVE-2010-2566

Windows XP SP2/SP3 and Windows Server 2003 SP2 - Remote Code Execution via Malformed SSL Certificate Request

Title source: llm
STIX 2.1

Description

The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11787

Scores

EPSS 0.1535
EPSS Percentile 96.4%

Details

CWE
CWE-20
Status published
Products (3)
microsoft/windows_2003_server (2 CPE variants)
microsoft/windows_server_2003
microsoft/windows_xp (2 CPE variants)
Published Aug 11, 2010
Tracked Since Feb 18, 2026