Denial of Service in Microsoft's SMTP Service

Reported February 27, 2002, by Microsoft.

VERSIONS AFFECTED

 

·         Windows XP Professional

·         Windows 2000

·         Exchange Server 2000

 

DESCRIPTION
A Denial of Service (DoS) condition exists in the SMTP service of Windows XP Professional, Windows 2000, and Exchange 2000 Server. A vulnerability exists in how the service handles a particular type of SMTP command used to transfer incoming mail data. By issuing a malformed version of the SMTP command, an attacker can cause the SMTP service to fail.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-012, which addresses this vulnerability, and recommends that affected users immediately apply the appropriate patch at the URL listed in Security Bulletin MS02-012.

 

CREDIT
Discovered by HD Moore.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish