Microsoft Exchange multiple security vulnerabilities
updated since 08.05.2007

| Published: | 10.05.2007 |
| Source: | MICROSOFT |
| SecurityVulns ID: | 7680 |
| Type: | remote |
| Level: | 8/10 |
| Description: | OWA cross-site scripting, IMAP DoS, iCal parsing DoS, Base64 decoding memory corruption, IMAP DoS. |
| Affected: | MICROSOFT : Exchange 2000 |
| | MICROSOFT : Exchange 2003 |
| | MICROSOFT : Exchange 2007 |
| CVE: | CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability.") |
| | CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".) |
| | CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.) |
| | CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.) |