Skip navigation
Menu
Collaboration>Email and Calendaring

Arbitrary Code Execution Vulnerability in Microsoft Exchange Server

Reported October 15, 2003, by Microsoft.

VERSIONS AFFECTED

  • Microsoft Exchange 2000 Server Service Pack 3 (SP3)
  • Exchange Server 5.5 SP4

DESCRIPTION

·         A vulnerability in Exchange Server can result in a Denial of Service (DoS) condition or the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the Internet Mail Service that can permit an unauthenticated attacker to connect to the SMTP port on an Exchange server and issue a specially crafted extended verb request. This scenario can result in the allocation of a large amount of memory and potentially cause a buffer overrun that could permit the attacker to run malicious programs in the security context of the SMTP service.

VENDOR RESPONSE

Microsoft has released security bulletin MS03-046, "Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436)," which addresses this vulnerability, and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT

Discovered by Joăo Gouveia.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
zoom logo
Zoom Releases New AI-Powered Collaboration Platform—Zoom Workspace—Plus Other Updates
Mar 26, 2024
person working from home using smart phone and notebook computer
Monitoring Employee Productivity, Balance Surveillance with Transparency
Jan 03, 2024
zoom logo on screens of laptop and smartphone device.jpg
At Zoomtopia, Small Businesses Share Transformation Stories
Oct 12, 2023
zoom logo
Zoom Unveils Docs, Upgrades Contact Center Offerings
Oct 03, 2023