Release DateNov 04, 2010 |
Severitycritical |
ImpactDenial of service |
DescriptionThis indicates an attack attempt against a denial-of-service vulnerability in the way Microsoft Exchange Server handles calendar content requests, known as iCal.The vulnerability is caused by a NULL pointer dereference error when the vulnerable software handles a specially crafted iCalendar object inside an email message. It allows a remote attacker to cause a denial of service. |
Affected ProductsMicrosoft Exchange Server 2007 0Microsoft Exchange Server 2003 SP2 Microsoft Exchange Server 2003 SP1 Microsoft Exchange Server 2003 Microsoft Exchange Server 2000 SP3 Microsoft Exchange Server 2000 SP2 Microsoft Exchange Server 2000 SP1 Microsoft Exchange Server 2000 |
Recommended ActionsApply the patch supplied by the vendor:http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-0039 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/MS07-026.mspx (MS-ID)http://www.frsirt.com/english/advisories/2007/1711 (FrSIRT) http://www.securityfocus.com/bid/23808 (BugTraq) |
