| Name | MS.Exchange.Server.Base64.MIME.Message.Code.Execution |
| Last Updated Date | Jun 25, 2009 |
| Release Date | May 22, 2007 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt against a heap-overrun vulnerability in Microsoft Exchange Server.
The vulnerability is caused by improper decoding of some specially crafted email messages. A remote attacker could exploit this vulnerability by sending crafted base64-encoded MIME email message to execute arbitrary code using the privileges of the currently logged on user. |
| Affected Products | Microsoft Exchange Server 2007 0
Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003
Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2000 SP2
Microsoft Exchange Server 2000 SP1
Microsoft Exchange Server 2000
Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server 0 |
| Recommended Actions | Apply patch, available from the web site:
http://www.microsoft.com/technet/security/Bulletin/ms07-026.mspx |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-0213
|
| Microsoft Bulletin ID | MS07-026 http://www.microsoft.com/technet/security/Bulletin/ms07-026.mspx |
| Reference/s | http://www.securityfocus.com/bid/23809 (BugTraq)
|