Microsoft Exchange Server Invalid MIME Header charset = "" DoS Vulnerability

Microsoft Exchange Server 5.0 and 5.5 are unable to process emails that contain malformed MIME headers with an empty value for charset. In the event that Exchange Server receives an email with an invalid MIME header, Exchange would cease to operate. Restarting the service and deleting the offending email would be required in order to regain normal functionality. In order to determine the offending email, restart Exchange. The hostile email would then appear at the front of the queue.

Exchange 2000 is not susceptible to this vulnerability.


Privacy Statement
Copyright 2010, SecurityFocus