• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability

Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the references for more information.


Microsoft Exchange Server 2000 SP3

• Microsoft Security Update for Exchange 2000 Server (KB959897)
  http://www.microsoft.com/downloads/details.aspx?familyid=805dc856-ea60 -477d-be40-6ac535a7e7e5

Microsoft Exchange Server 2007 SP 1

• Microsoft Update Rollup 6 for Exchange Server 2007 Service Pack 1 (KB959241)
  http://www.microsoft.com/downloads/details.aspx?familyid=93cb3f66-ae72 -4356-bdbf-35029cff6df1

Microsoft Exchange Server 2003 SP2

• Microsoft Security Update for Exchange Server 2003 Service Pack 2 (KB959897)
  http://www.microsoft.com/downloads/details.aspx?familyid=1d9f0956-88bd -4e13-a86b-b1c8d4782f71

Microsoft Exchange Server MAPI Client 1.2.1

• Microsoft Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1
  http://www.microsoft.com/downloads/details.aspx?FamilyID=E17E7F31-079A -43A9-BFF2-0A110307611E&displaylang=en