Info

Disclosure

May 08, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 08, 2007

Description

A remote code execution flaw exists in Exchange Server. It fails to validate base64-encoded content, allowing a specially crafted email to execute arbitrary code, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Exchange Server	2000 SP3
		2003 SP1
		2003 SP2
		2007

References

Security Tracker: 1018015
CVE ID: 2007-0213 (see also: NVD)
Bugtraq ID: 23809
Secunia Advisory ID: 25183
CERT VU: 343145
Related OSVDB ID: 34389 34390 34392
Microsoft Knowledge Base Article: 931832
VUPEN Advisory: ADV-2007-1711
News Article: http://www.informationweek.com/news/showArticle.jhtml?articleID=199400216
Microsoft Security Bulletin: MS07-026

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/34391

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Exchange Server

References

Credit