Описание
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
Ссылки
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party AdvisoryUS Government Resource
- Broken Link
- PatchThird Party AdvisoryUS Government Resource
- Broken Link
- PatchVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party AdvisoryUS Government Resource
- Broken Link
- PatchThird Party AdvisoryUS Government Resource
- Broken Link
- PatchVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2003:-:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.68274
Средний
7.5 High
CVSS2
Дефекты
CWE-787
Связанные уязвимости
github
почти 4 года назад
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
EPSS
Процентиль: 99%
0.68274
Средний
7.5 High
CVSS2
Дефекты
CWE-787