The Microsoft Windows 2003 SMTP Service and Exchange Routing Engine have been reported to be prone to a buffer overflow. The overflow occurs during the processing of responses to DNS lookups. Successful exploitation could allow for remote code execution in the context of the vulnerable service.
Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system. Note that the fix for Exchange Server 2000 Service Pack 3 requires that the Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup be installed as a prerequisite. See Knowledge Base article 870540 in the References section for further details on this rollup.
- Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
- SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
- Generic SMTP overflows
- GNU glibc Remote Heap Buffer Overflow Vulnerability (Exim)
- Sendmail 8.8.8 to 8.12.7 Double Pipe Access Validation Vulnerability