Microsoft Exchange X-LINK2STATE buffer overflow

Added: 01/13/2006 CVE: CVE-2005-0560 BID: 13118 OSVDB: 15467 Background Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem A buffer overflow condition in the handling of the X-LINK2STATE extended verb could allow a remote attacker to execute arbitrary commands...

Microsoft Exchange X-LINK2STATE buffer overflow

Added: 01/13/2006 CVE: CVE-2005-0560 BID: 13118 OSVDB: 15467 Background Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem A buffer overflow condition in the handling of the X-LINK2STATE extended verb could allow a remote attacker to execute arbitrary commands...

CVE-2005-0560

Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port...

MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC

Vulnerability Details ===================== The vulnerability is a heap overflow in SvrAppendReceivedChunk function which is located in xlsasink.dll. When transmitting large chunks with X-LINK2STATE verb it is possible to overflow the heap and perform arbitrary memory write in RtlAllocateHeap...

Microsoft Exchange Server - Remote Code Execution (MS05-021)

Microsoft Exchange Server - Remote Code Execution MS05-021 !/bin/perl MS05-021 Exchange X-LINK2STATE Heap Overflow Author: Evgeny Pinchuk For educational purposes only. Tested on: Windows 2000 Server SP4 EN Microsoft Exchange 2000 SP3 Thanks and greets: Halvar Flake thx for the right directions...