Microsoft Security Bulletin MS03-046Vulnerability in Exchange Server Could Allow Arbitrary Code Execution | |
Download |
Microsoft Security Bulletin MS03-046 Ranking & Summary
Advertisement
- License:
- Update
- Price:
- Free
- Publisher Name:
- By Microsoft
- Operating Systems:
- Windows, Windows 98, Windows 2000, Windows XP
- Additional Requirements:
- Microsoft Exchange Server 5.5, Service Pack 4Microsoft Exchange 2000 Server, Service Pack 3
- File Size:
- list
- Total Downloads:
- 88
Microsoft Security Bulletin MS03-046 Tags
Microsoft Security Bulletin MS03-046 Description
In Exchange Server 5.5, a security vulnerability exists in the Internet Mail Service that could allow an unauthenticated attacker to connect to the SMTP port on an Exchange server and issue a specially-crafted extended verb request that could allocate a large amount of memory. This could shut down the Internet Mail Service or could cause the server to stop responding because of a low memory condition. In Exchange 2000 Server, a security vulnerability exists that could allow an unauthenticated attacker to connect to the SMTP port on an Exchange server and issue a specially-crafted extended verb request. That request could cause a denial of service that is similar to the one that could occur on Exchange 5.5. Additionally, if an attacker issues the request with carefully chosen data, the attacker could cause a buffer overrun that could allow the attacker to run malicious programs of their choice in the security context of the SMTP service.
Microsoft Security Bulletin MS03-046 Related Software