Microsoft SMTP Service And Exchange Routing Engine Buffer Overflow Vulnerability Network Vulnerability

Summary

The Microsoft Windows 2003 SMTP Service and Exchange Routing Engine have been reported prone to a buffer overflow. This occurs during the processing responses to DNS lookups. Successful exploitation could allow for remote code execution in the context of the vulnerable service.

Solution

Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system. Note that the fix for Exchange Server 2000 Service Pack 3 requires that the Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup be installed as a prerequisite. See Knowledge Base article 870540 in the References section for further details on this rollup.

References

http://support.microsoft.com/kb/870540
http://www.microsoft.com/technet/security/bulletin/ms04-035.mspx
http://www.securityfocus.com/bid/11374

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-0840
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CMailServer ActiveX Control Multiple Buffer Overflow Vulnerabilities
GNU glibc Remote Heap Buffer Overflow Vulnerability (Exim)
Sendmail DEBUG
IPSwitch IMail SMTP Buffer Overflow
A-V Tronics InetServ SMTP Denial of Service Vulnerability

Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability

Take action and discover your vulnerabilities