Microsoft Exchange Server MIME Decoding Remote Code Execution

2007-05-08T19:14:45
ID OSVDB:34391
Type osvdb
Reporter OSVDB
Modified 2007-05-08T19:14:45

Description

Vulnerability Description

A remote code execution flaw exists in Exchange Server. It fails to validate base64-encoded content, allowing a specially crafted email to execute arbitrary code, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote code execution flaw exists in Exchange Server. It fails to validate base64-encoded content, allowing a specially crafted email to execute arbitrary code, resulting in a loss of integrity.

References:

Security Tracker: 1018015 Secunia Advisory ID:25183 Related OSVDB ID: 34392 Related OSVDB ID: 34389 Related OSVDB ID: 34390 News Article: http://www.informationweek.com/news/showArticle.jhtml?articleID=199400216 Microsoft Security Bulletin: MS07-026 Microsoft Knowledge Base Article: 931832 FrSIRT Advisory: ADV-2007-1711 CVE-2007-0213 CERT VU: 343145 Bugtraq ID: 23809