Release DateMay 22, 2007 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a heap-overrun vulnerability in Microsoft Exchange Server.The vulnerability is caused by improper decoding of some specially crafted email messages. A remote attacker could exploit this vulnerability by sending crafted base64-encoded MIME email message to execute arbitrary code using the privileges of the currently logged on user. |
Affected ProductsMicrosoft Exchange Server 2007 0Microsoft Exchange Server 2003 SP2 Microsoft Exchange Server 2003 SP1 Microsoft Exchange Server 2003 Microsoft Exchange Server 2000 SP3 Microsoft Exchange Server 2000 SP2 Microsoft Exchange Server 2000 SP1 Microsoft Exchange Server 2000 Avaya Messaging Application Server MM 3.1 Avaya Messaging Application Server MM 3.0 Avaya Messaging Application Server MM 2.0 Avaya Messaging Application Server 0 |
Recommended ActionsApply patch, available from the web site:http://www.microsoft.com/technet/security/Bulletin/ms07-026.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-0213 |
Reference/shttp://www.securityfocus.com/bid/23809 (BugTraq)http://www.microsoft.com/technet/security/Bulletin/ms07-026.mspx (MS-ID) |
