CVE-2010-2567

Windows XP SP2/SP3 and Server 2003 SP2 - Remote Code Execution via Malformed RPC Response

Title source: llm
STIX 2.1

Description

The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7177

Scores

EPSS 0.0721
EPSS Percentile 93.5%

Details

CWE
CWE-94
Status published
Products (2)
microsoft/windows_server_2003
microsoft/windows_xp (2 CPE variants)
Published Sep 15, 2010
Tracked Since Feb 18, 2026