CVE-2010-2566 Information

Description

The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate certificate request messages from TLS and SSL servers which allows remote servers to execute arbitrary code via a crafted SSL response aka \SChannel Malformed Certificate Request Remote Code Execution Vulnerability.\

Reference

http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11787