vendor:
Exchange Server
by:
Rootshell
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Exchange Server
Affected Version From: Microsoft Exchange 5.0
Affected Version To: Microsoft Exchange 2.71 SP1
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:exchange_server
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
1998
Microsoft Exchange Server SMTP HELO Command Argument Buffer Overflow Vulnerability
It has been reported that Microsoft Exchange server is prone to an SMTP HELO command argument buffer overflow vulnerability. The issue presents itself likely due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. It has been reported that a remote attacker may exploit this condition to trigger a denial of service in the affected daemon.
Mitigation:
Apply the latest security patches and updates to the affected system.