Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:3A81130EC74F8D1E58BBF01412DAA563
HistoryJan 13, 2006 - 12:00 a.m.

Microsoft Exchange X-LINK2STATE buffer overflow

2006-01-1300:00:00
SAINT Corporation
www.saintcorporation.com
16

0.719 High

EPSS

Percentile

97.7%

JSON

Added: 01/13/2006
CVE: CVE-2005-0560
BID: 13118
OSVDB: 15467

Background

Microsoft Exchange is an e-mail server for Microsoft Windows operating systems.

Problem

A buffer overflow condition in the handling of the X-LINK2STATE extended verb could allow a remote attacker to execute arbitrary commands.

Resolution

Install the patch referenced in Microsoft Security Bulletin 05-021.

References

<http://www.microsoft.com/technet/security/bulletin/ms05-021.mspx&gt;

Limitations

Exploit works on Exchange 2000 SP3. Unauthenticated exploitation is not possible against Windows Server 2003. Since this is a heap-based buffer overflow, exploit may not be reliable. Automated penetration test might not be able to pick the correct Exchange target type since there is no way to determine it remotely.

Platforms

Windows 2000

Related

saint 3
cert 1
nessus 1
checkpoint_advisories 1
seebug 1
securityvulns 1
cve 1
canvas 1
saint
saint
Microsoft Exchange X-LINK2STATE buffer overflow
2006-01-13 00:00:00
Microsoft Exchange X-LINK2STATE buffer overflow
2006-01-13 00:00:00
Microsoft Exchange X-LINK2STATE buffer overflow
2006-01-13 00:00:00
cert
cert
Microsoft Exchange Server contains unchecked buffer in SMTP extended verb handling
2005-04-12 00:00:00
nessus
nessus
MS05-021: Vulnerability in SMTP Could Allow Remote Code Execution (894549)
2005-04-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Exchange Server Buffer Overflow (CVE-2005-0560)
2010-03-18 00:00:00
seebug
seebug
MS Exchange Server Remote Code Execution Exploit (MS05-021)
2005-04-19 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS05-021 Vulnerability in Exchange Server Could Allow Remote Code Execution &#40;894549&#41;
2005-04-13 00:00:00
cve
cve
CVE-2005-0560
2005-05-02 04:00:00
canvas
canvas
Immunity Canvas: MS05_021
2005-05-02 04:00:00

0.719 High

EPSS

Percentile

97.7%

JSON
Related for SAINT:3A81130EC74F8D1E58BBF01412DAA563
saint3cert1nessus1checkpoint_advisories1seebug1securityvulns1cve1canvas1