Exchange Server@2000 Security Vulnerabilities and Issues — Exchange Server@2000 CVE List

Lucene search

MicrosoftExchange Server2000

9 matches found

CVE•added 2007/05/08 11:19 p.m.•125 views

CVE-2007-0221

Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."

7.8CVSS6.5AI score0.6469EPSS

CVE•added 2006/01/10 10:3 p.m.•115 views

CVE-2006-0002

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to messa...

7.5CVSS7.3AI score0.53039EPSS

CVE•added 2005/05/02 4:0 a.m.•57 views

CVE-2005-0560

Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.

7.5CVSS7.8AI score0.65719EPSS

CVE•added 2006/05/10 2:10 a.m.•54 views

CVE-2006-0027

Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.

7.5CVSS7.4AI score0.86629EPSS

CVE•added 2003/11/17 5:0 a.m.•50 views

CVE-2003-0714

The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.

7.5CVSS7AI score0.65881EPSS

CVE•added 2007/05/08 11:19 p.m.•49 views

CVE-2007-0039

The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in whi...

7.8CVSS6.4AI score0.37959EPSS

CVE•added 2001/01/22 5:0 a.m.•48 views

CVE-2000-1139

The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.

7.5CVSS7AI score0.05316EPSS

CVE•added 2005/10/13 10:2 a.m.•47 views

CVE-2005-1987

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.

7.5CVSS7.7AI score0.61142EPSS

CVE•added 2001/09/18 4:0 a.m.•44 views

CVE-2001-0340

An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.

7.5CVSS6.6AI score0.06264EPSS