• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft IIS SMTP Service Encapsulated SMTP Address Vulnerability

Solution:
Microsoft announced and released patches for this vulnerability in 1999. At that time it was not reported that the SMTP service for IIS is also affected. Patches were not issued and are not available as of this writing. This record will be updated as soon as patch information is available.

** It has been reported that this issue may be repaired in IIS 5.0 by installing the most recent cumulative patch for IIS, though this has not been confirmed by Microsoft.

The patches (released in 1999) for Exchange Server are listed below. Note that the appropriate service pack must be installed prior to installing these patches:


Microsoft Exchange Server 5.5 SP2

• Microsoft psp2imca.zip
  ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exch g5.5/PostSP2/imc-fix/psp2imca.zip


• Microsoft psp2imci.zip
  ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exch g5.5/PostSP2/imc-fix/psp2imci.zip

Microsoft IIS 5.0

• Microsoft Q327696: Internet Information Services Security Roll-up Package
  http://www.microsoft.com/windows2000/downloads/security/q327696/defaul t.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43296%26red irect%3Dno