vendor:
Exchange Server
by:
hdm, patrick
7.5
CVSS
HIGH
Heap Overflow
119
CWE
Product Name: Exchange Server
Affected Version From: Exchange 2000
Affected Version To: Exchange 2000
Patch Exists: YES
Related CWE: CVE-2003-0714
CPE: a:microsoft:exchange_server:2000
Platforms Tested: Windows
2003
MS03-046 Exchange 2000 XEXCH50 Heap Overflow
This is an exploit for the Exchange 2000 heap overflow. Due to the nature of the vulnerability, this exploit is not very reliable. This module has been tested against Exchange 2000 SP0 and SP3 running a Windows 2000 system patched to SP4. It normally takes between one and 100 connection attempts to successfully obtain a shell. This exploit is *very* unreliable.
Mitigation:
Apply the latest patches and updates for Exchange 2000 and Windows 2000. Upgrade to a newer version of Exchange and Windows if possible. Restrict network access to the affected systems.
