Microsoft Exchange Server Buffer Overflow Vulnerability

Microsoft has announced that Exchange Server is affected by a remotely exploitable buffer overflow condition. The overflow can be triggered remotely by unauthenticated SMTP clients. The source of the issue appears to be in how the XEXCH50 verb is handled by the server. Microsoft has stated that remote code execution is possible on hosts running Exchange 2000 Server. Servers running Exchange Server 5.0 and 5.5 are vulnerable to a denial of service attack.


 

Privacy Statement
Copyright 2010, SecurityFocus