Buffer Overrun in Microsoft Exchange Server 5.5

Reported July 24, 2002, by Microsoft.



  • Microsoft Exchange Server 5.5




A buffer overrun vulnerability exists in Microsoft Exchange Server 5.5 that can let an attacker remotely compromise the server. This vulnerability is the result of an unchecked buffer in the Internet Mail Connector (IMC) code that generates the response to the Extended Hello protocol command. If an attacker sends random data in a message in which the total length of the message exceeds a specific value, the data can overrun the buffer and cause the IMC to fail. If an attacker overruns the buffer with specific data, the attacker can run code under the security context of the IMC, which by default runs as an Exchange 5.5 Service Account.




The vendor, Microsoft, has released Security Bulletin MS02-037 ("Server Response To SMTP Client EHLO Command Results In Buffer Overrun") to address this vulnerability and recommends that affected users download and apply the appropriate patch mentioned in the bulletin.


Discovered by Dan Ingevaldson of Internet Security Systems.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.