{"cve": [{"lastseen": "2017-10-11T11:06:58", "references": ["http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded", "http://www.vupen.com/english/advisories/2007/1711", "http://www.us-cert.gov/cas/techalerts/TA07-128A.html", "http://www.kb.cert.org/vuls/id/124113", "http://www.securityfocus.com/bid/23806", "http://www.securitytracker.com/id?1018015", "https://exchange.xforce.ibmcloud.com/vulnerabilities/33887", "http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx"], "description": "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an \"incorrectly handled UTF character set label\".", "edition": 3, "reporter": "NVD", "published": "2007-05-08T19:19:00", "title": "CVE-2007-0220", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:58", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:1371", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1371"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-0220"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:1371", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1371"}], "modified": "2017-10-10T21:31:35", "cpe": ["cpe:/a:microsoft:exchange_server:2003:sp1", "cpe:/a:microsoft:exchange_server:2003:sp2", "cpe:/a:microsoft:exchange_server:2000:sp3"], "id": "CVE-2007-0220", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0220", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-11T11:06:57", "references": ["http://www.securityfocus.com/archive/1/archive/1/468047/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/33888", "http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html", "http://www.securityfocus.com/bid/23808", "http://www.vupen.com/english/advisories/2007/1711", "http://www.us-cert.gov/cas/techalerts/TA07-128A.html", "http://www.securitytracker.com/id?1018015", "http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx"], "description": "The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.", "edition": 3, "reporter": "NVD", "published": "2007-05-08T19:19:00", "title": "CVE-2007-0039", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:57", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:1593", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1593"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-0039"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:1593", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1593"}], "modified": "2017-10-10T21:31:33", "cpe": ["cpe:/a:microsoft:exchange_server:2003:sp1", "cpe:/a:microsoft:exchange_server:2003:sp2", "cpe:/a:microsoft:exchange_server:2000:sp3", "cpe:/a:microsoft:exchange_server:2007"], "id": "CVE-2007-0039", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0039", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-11T11:06:58", "references": ["http://www.kb.cert.org/vuls/id/343145", "http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded", "http://www.securityfocus.com/bid/23809", "http://www.vupen.com/english/advisories/2007/1711", "https://exchange.xforce.ibmcloud.com/vulnerabilities/33889", "http://www.us-cert.gov/cas/techalerts/TA07-128A.html", "http://www.securitytracker.com/id?1018015", "http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx"], "description": "Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.", "edition": 3, "reporter": "NVD", "published": "2007-05-08T19:19:00", "title": "CVE-2007-0213", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:58", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:1890", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1890"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-0213"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:1890", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1890"}], "modified": "2017-10-10T21:31:35", "cpe": ["cpe:/a:microsoft:exchange_server:2003:sp1", "cpe:/a:microsoft:exchange_server:2003:sp2", "cpe:/a:microsoft:exchange_server:2000:sp3", "cpe:/a:microsoft:exchange_server:2007"], "id": "CVE-2007-0213", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0213", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-11T11:06:58", "references": ["http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded", "http://www.securityfocus.com/bid/23810", "https://exchange.xforce.ibmcloud.com/vulnerabilities/33890", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=526", "http://www.vupen.com/english/advisories/2007/1711", "http://www.us-cert.gov/cas/techalerts/TA07-128A.html", "http://www.securitytracker.com/id?1018015", "http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx"], "description": "Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the \"IMAP Literal Processing Vulnerability.\"", "edition": 3, "reporter": "NVD", "published": "2007-05-08T19:19:00", "title": "CVE-2007-0221", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:58", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:2054", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2054"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-0221"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:2054", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:2054"}], "modified": "2017-10-10T21:31:35", "cpe": ["cpe:/a:microsoft:exchange_server:2000:sp3"], "id": "CVE-2007-0221", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0221", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:42:24", "references": ["https://technet.microsoft.com/library/security/MS07-026"], "pluginID": "25165", "description": "The remote host is running a version of exchange that is vulnerable to a bug in the iCal attachment and MIME decoding routines, as well as in the IMAP literal processing and in OWA.\n\nThese vulnerabilities could allow an attacker execute arbitrary code on the remote host.", "edition": 6, "reporter": "Tenable", "published": "2007-05-08T00:00:00", "title": "MS07-026: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (931832)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0039", "CVE-2007-0221", "CVE-2007-0220", "CVE-2007-0213"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:exchange_server"], "id": "SMB_NT_MS07-026.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25165", "sourceData": "#\n# Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25165);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/07/27 18:38:16\");\n\n script_cve_id(\"CVE-2007-0220\", \"CVE-2007-0039\", \"CVE-2007-0213\", \"CVE-2007-0221\");\n script_bugtraq_id(23806, 23808, 23809, 23810);\n script_xref(name:\"IAVA\", value:\"2007-A-0031\");\n script_xref(name:\"MSFT\", value:\"MS07-026\");\n script_xref(name:\"MSKB\", value:\"931832\");\n script_xref(name:\"MSKB\", value:\"935490\");\n \n script_xref(name:\"CERT\", value:\"124113\");\n script_xref(name:\"CERT\", value:\"343145\");\n\n script_name(english:\"MS07-026: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (931832)\");\n script_summary(english:\"Determines the version of Exchange\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code can be executed on the remote host through the email server.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of exchange that is vulnerable\nto a bug in the iCal attachment and MIME decoding routines, as well\nas in the IMAP literal processing and in OWA.\n\nThese vulnerabilities could allow an attacker execute arbitrary code on the\nremote host.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/MS07-026\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a set of patches for Exchange 2000 and 2003.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:exchange_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n exit(0);\n}\n\n\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\n\n\ninclude(\"misc_func.inc\");\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS07-026';\nkbs = make_list(\"931832\", \"935490\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\n\nversion = get_kb_item (\"SMB/Exchange/Version\");\nif ( !version ) exit (0);\n\nport = get_kb_item (\"SMB/transport\");\n\n\n# 2000\nif (version == 60)\n{\n sp = get_kb_item (\"SMB/Exchange/SP\");\n rootfile = get_kb_item(\"SMB/Exchange/Path\");\n if ( ! rootfile || ( sp && sp > 4) ) exit(0);\n rootfile = rootfile + \"\\bin\";\n if ( hotfix_check_fversion(path:rootfile, file:\"Cdoex.dll\", version:\"6.0.6619.12\", bulletin:bulletin, kb:'931832') == HCF_OLDER ) {\n set_kb_item(name:\"SMB/Missing/MS07-026\", value:TRUE);\n hotfix_security_hole();\n }\n\n hotfix_check_fversion_end();\n}\n# 2003\nelse if (version == 65)\n{\n sp = get_kb_item (\"SMB/Exchange/SP\");\n rootfile = get_kb_item(\"SMB/Exchange/Path\");\n if ( ! rootfile || ( sp && sp > 2) ) exit(0);\n rootfile = rootfile + \"\\bin\";\n if (!sp || sp < 1) {\n set_kb_item(name:\"SMB/Missing/MS07-026\", value:TRUE);\n hotfix_security_hole();\n }\n else if (sp == 2)\n {\n if ( hotfix_check_fversion(path:rootfile, file:\"Cdoex.dll\", version:\"6.5.7652.24\", bulletin:bulletin, kb:'931832') == HCF_OLDER ) {\n set_kb_item(name:\"SMB/Missing/MS07-026\", value:TRUE);\n hotfix_security_hole();\n }\n }\n else if (sp == 1)\n {\n if ( hotfix_check_fversion(path:rootfile, file:\"Cdoex.dll\", version:\"6.5.7235.2\", bulletin:bulletin, kb:'931832') == HCF_OLDER ) {\n set_kb_item(name:\"SMB/Missing/MS07-026\", value:TRUE);\n hotfix_security_hole();\n }\n }\n\n hotfix_check_fversion_end();\n}\nelse if (version == 80)\n{\n sp = get_kb_item (\"SMB/Exchange/SP\");\n rootfile = get_kb_item(\"SMB/Exchange/Path\");\n if ( ! rootfile || ( sp && sp > 0 ) ) exit(0);\n rootfile = rootfile + \"\\bin\";\n if ( hotfix_check_fversion(path:rootfile, file:\"Exmime.dll\", version:\"8.0.709.0\", bulletin:bulletin, kb:'935490') == HCF_OLDER ) {\n set_kb_item(name:\"SMB/Missing/MS07-026\", value:TRUE);\n hotfix_security_hole();\n }\n\n hotfix_check_fversion_end();\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:22", "references": [], "description": "Microsoft Security Bulletin MS07-026\r\nVulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)\r\nPublished: May 8, 2007\r\n\r\nVersion: 1.0\r\nSummary\r\n\r\nWho Should Read this Document: Customers who use Microsoft Exchange Server\r\n\r\nImpact of Vulnerability: Remote Code Execution\r\n\r\nMaximum Severity Rating: Critical\r\n\r\nRecommendation: Customers should apply the update immediately\r\n\r\nSecurity Update Replacement: This bulletin replaces two prior security updates. See the Frequently Asked Questions (FAQ) section of this bulletin for details.\r\n\r\nTested Software and Security Update Download Locations:\r\n\r\nAffected Software:\r\n\u2022\t\r\n\r\nMicrosoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004 \u2014 Download the update (KB931832)\r\n\u2022\t\r\n\r\nMicrosoft Exchange Server 2003 Service Pack 1 \u2014 Download the update (KB931832)\r\n\u2022\t\r\n\r\nMicrosoft Exchange Server 2003 Service Pack 2 \u2014 Download the update (KB931832)\r\n\u2022\t\r\n\r\nMicrosoft Exchange Server 2007 \u2014 Download the update (KB935490)\r\n\r\nThe software in this list has been tested to determine whether the versions are affected. Other versions are either past their support life cycle or are not affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.\r\nTop of sectionTop of section\r\nGeneral Information\r\n\t\r\nExecutive Summary\r\n\r\nExecutive Summary:\r\n\r\nThis update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.\r\n\r\nAn attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nWe recommend that customers apply the update immediately.\r\n\r\nSeverity Ratings and Vulnerability Identifiers:\r\nVulnerability Identifiers\tImpact of Vulnerability\tMicrosoft Exchange 2000 Server Service Pack 3\tMicrosoft Exchange Server 2003 Service Pack 1 and Microsoft Exchange Server 2003 Service Pack 2\tMicrosoft Exchange Server 2007\r\n\r\nOutlook Web Access Script Injection Vulnerability - CVE-2007-0220\r\n\t\r\n\r\nInformation Disclosure\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nMalformed iCal Vulnerability - CVE-2007-0039\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nImportant\r\n\r\nMIME Decoding Vulnerability - CVE-2007-0213\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nCritical\r\n\r\nIMAP Literal Processing Vulnerability - CVE-2007-0221\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nNone\r\n\r\nAggregate Severity of All Vulnerabilities\r\n\t\r\n\r\n \r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nCritical\r\n\r\nThis assessment is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.\r\nTop of sectionTop of section\r\n\t\r\nFrequently Asked Questions (FAQ) Related to This Security Update\r\n\r\nWhat is different about the Microsoft Exchange Server2007 update from Microsoft Exchange Server 2000 and Microsoft Exchange Server 2003?\r\nWith the release of Microsoft Exchange 2007, Microsoft Exchange is moving to a new servicing model. For better understanding of the Microsoft Exchange servicing model, please see the Exchange 2007 product documentation. For questions regarding the new Exchange servicing model, please contact Microsoft Product Support Services.\r\n\r\nWhat updates does this release replace?\r\nThis security update replaces two prior security updates. The security bulletin IDs and affected operating systems are listed in the following table.\r\nBulletin ID\tMicrosoft Exchange 2000 Server Service Pack 3\tMicrosoft Exchange Server 2003 Service Pack 1 and Microsoft Exchange Server 2003 Service Pack 2\tMicrosoft Exchange Server 2007\r\n\r\nMS06-019\r\n\t\r\n\r\nReplaced\r\n\t\r\n\r\nReplaced\r\n\t\r\n\r\nNot Applicable\r\n\r\nMS06-029\r\n\t\r\n\r\nReplaced\r\n\t\r\n\r\nReplaced\r\n\t\r\n\r\nNot Applicable\r\n\r\nCan I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether this update is required?\r\nThe following table provides the MBSA detection summary for this security update.\r\nProduct\tMBSA 1.2.1\tMBSA 2.0.1\r\n\r\nMicrosoft Exchange 2000 Server Service Pack 3\r\n\t\r\n\r\nYes\r\n\t\r\n\r\nYes\r\n\r\nMicrosoft Exchange Server 2003 Service Pack 1 and Microsoft Exchange Server 2003 Service Pack 2\r\n\t\r\n\r\nYes\r\n\t\r\n\r\nYes\r\n\r\nMicrosoft Exchange Server 2007\r\n\t\r\n\r\nNo\r\n\t\r\n\r\nYes\r\n\r\nFor more information about MBSA, visit the MBSA Web site. For more information about the programs that Microsoft Update and MBSA 2.0 currently do not detect, see Microsoft Knowledge Base Article 895660.\r\n\r\nFor more detailed information, see Microsoft Knowledge Base Article 910723: Summary list of monthly detection and deployment guidance articles.\r\n\r\nCan I use Systems Management Server (SMS) to determine whether this update is required?\r\nThe following table provides the SMS detection summary for this security update.\r\nProduct\tSMS 2.0\tSMS 2003\r\n\r\nMicrosoft Exchange 2000 Server Service Pack 3\r\n\t\r\n\r\nYes\r\n\t\r\n\r\nYes\r\n\r\nMicrosoft Exchange Server 2003 Service Pack 1 and Microsoft Exchange Server 2003 Service Pack 2\r\n\t\r\n\r\nYes\r\n\t\r\n\r\nYes\r\n\r\nMicrosoft Exchange Server 2007\r\n\t\r\n\r\nNo\r\n\t\r\n\r\nYes\r\n\r\nSMS 2.0 and SMS 2003 Software Update Services (SUS) Feature Pack can use MBSA 1.2.1 for detection and therefore have the same limitation that is listed earlier in this bulletin related to programs that MBSA 1.2.1 does not detect.\r\n\r\nFor SMS 2.0, the SMS SUS Feature Pack, which includes the Security Update Inventory Tool (SUIT), can be used by SMS to detect security updates. SMS SUIT uses the MBSA 1.2.1 engine for detection. For more information about SUIT, visit the following Microsoft Web site. For more information about the limitations of SUIT, see Microsoft Knowledge Base Article 306460. The SMS SUS Feature Pack also includes the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications.\r\n\r\nFor SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are offered by Microsoft Update and that are supported by Windows Server Update Services. For more information about the SMS 2003 ITMU, visit the following Microsoft Web site. SMS 2003 can also use the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications.\r\n\r\nFor more information about SMS, visit the SMS Web site.\r\n\r\nFor more detailed information, see Microsoft Knowledge Base Article 910723: Summary list of monthly detection and deployment guidance articles.\r\nTop of sectionTop of section\r\n\t\r\nVulnerability Details\r\n\t\r\nOutlook Web Access Script Injection Vulnerability - CVE-2007-0220:\r\n\r\nAn information disclosure vulnerability exists in Microsoft Exchange in the way that Outlook Web Access (OWA) handles script-based attachments. An attached script could spoof content, disclose information, or take any action that the user could take within the context of the OWA session.\r\n\t\r\nMitigating Factors for Outlook Web Access Script Injection Vulnerability - CVE-2007-0220:\r\n\u2022\t\r\n\r\nThe vulnerability could not be exploited automatically through e-mail. For an attack to be successful an attacker must e-mail a specially crafted file to a user and convince the user to open the file within an authenticated OWA session.\r\n\u2022\t\r\n\r\nMicrosoft Exchange Server 2007 is not affected by this vulnerability.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Outlook Web Access Script Injection Vulnerability - CVE-2007-0220:\r\n\r\nMicrosoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.\r\n\u2022\t\r\n\r\nDisable Outlook Web Access (OWA) on a computer running Exchange Server.\r\n\r\nDisabling Outlook Web Access helps protect the affected system from attempts to exploit this vulnerability. To disable Outlook Web Access, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nClick Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.\r\n\r\n2.\r\n\t\r\n\r\nExpand Servers, expand Server, expand Protocols, and then expand HTTP.\r\n\r\n3.\r\n\t\r\n\r\nRight-click Exchange Virtual Server, and then click Stop.\r\n\r\nNote A red cross will appear over the Exchange Virtual Server icon, indicating it has been stopped. From now on, users will see a The Page Cannot Be Displayed error message when they try to access their e-mail through OWA.\r\n\r\nImpact of workaround: This workaround prevents users from accessing their mailboxes through Outlook Web Access (OWA), Outlook Mobile Access (OMA) and Exchange Server ActiveSync.\r\n\u2022\t\r\n\r\nBlock HTML Attachment as Level2 Type in Outlook Web Access (OWA).\r\n\r\nSet Outlook Web Access to save HTML attachments locally before they are opened. This enables Internet Explorer to check for active content and warn the user before opening the attachment.\r\n\r\nWarning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use the Registry Editor at your own risk.\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA\r\n\r\nUpdate "Level2MIMETypes" to include \u201dtext/html\u201d\r\n\r\nUpdate \u201cLevel2FileTypes\u201d to include \u201dhtm,html\u201d\r\n\r\nYou can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites:\r\n\r\nGroup Policy collection\r\n\r\nWhat is Group Policy Object Editor?\r\n\r\nCore Group Policy tools and settings\r\n\r\nNote You must restart Internet Explorer for your changes to take effect.\r\n\r\nImpact of workaround: The Outlook Web Access client has to save the HTML attachment locally before it could be opened.\r\n\u2022\t\r\n\r\nBlock HTML Attachment as Level1 Type in Outlook Web Access (OWA).\r\n\r\nSet Outlook Web Access to block the ability to save HTML attachments locally.\r\n\r\nWarning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use the Registry Editor at your own risk.\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA\r\n\r\nUpdate "Level1MIMETypes" to include \u201dtext/html\u201d\r\n\r\nUpdate \u201cLevel1FileTypes\u201d to include \u201dhtm,html\u201d\r\n\r\nYou can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites:\r\n\r\nGroup Policy collection\r\n\r\nWhat is Group Policy Object Editor?\r\n\r\nCore Group Policy tools and settings\r\n\r\nNote You must restart Internet Explorer for your changes to take effect.\r\n\r\nImpact of workaround: The Outlook Web Access client will not be able to retrieve HTML attachment. Access is totally blocked.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Outlook Web Access Script Injection Vulnerability - CVE-2007-0220:\r\n\r\nWhat is the scope of the vulnerability?\r\nA script injection vulnerability exists that could allow an attacker to run a script supplied by the attacker. If this script were run, it would run in the security context of the OWA user on the client system. The script could take any action on the user's computer that the Web site was authorized to take. These actions could include monitoring the user\u2019s Web session and forwarding information to a third party, running other code on the user's system, and reading or writing cookies.\r\n\r\nWhat causes the vulnerability?\r\nAn incorrectly handled UTF character set label in Outlook Web Access could allow unauthorized scripts to run.\r\n\r\nWhat is Outlook Web Access?\r\nMicrosoft Outlook Web Access (OWA) is a service of Exchange Server. By using OWA, a server that is running Exchange Server can also function as a Web site that lets authorized users read and send e-mail, manage their calendar, and perform other e-mail functions over the Internet.\r\n\r\nWhat might an attacker use the vulnerability to do?\r\nAn attacker who successfully exploited this vulnerability could gain access to the Outlook Web Access session in the security context of the exploited user. The attacker could then change, delete, forward e-mail, or perform other actions on behalf of the logged on user.\r\n\r\nHow could an attacker exploit the vulnerability?\r\nAn attacker could exploit the vulnerability by e-mailing a specially-crafted file to the user and by persuading the user to open the file within an authenticated OWA session.\r\n\r\nWhat systems are primarily at risk from the vulnerability?\r\nUsers who are using Microsoft Exchange Outlook Web Access to read e-mail are primarily at risk.\r\n\r\nWhat does the update do?\r\nThe update removes the vulnerability by changing the way that Outlook Web Access handles UTF encoded attachments.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed?\r\nNo. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?\r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nMalformed iCal Vulnerability - CVE-2007-0039:\r\n\r\nA denial of service vulnerability exists in Microsoft Exchange Server because of the way that it handles calendar content requests. An attacker could exploit the vulnerability by sending an e-mail message with specially crafted iCal file to a Microsoft Exchange Server user account. An attacker successfully exploiting this vulnerability could cause the mail service to stop responding.\r\n\t\r\nMitigating Factors for Malformed iCal Vulnerability - CVE-2007-0039:\r\n\r\nWe have not identified any mitigations for this vulnerability.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Malformed iCal Vulnerability - CVE-2007-0039:\r\n\r\nMicrosoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.\r\n\u2022\t\r\n\r\nRequire authentication for connections to a server that is running Microsoft Exchange Server for all client and message transport protocols\r\n\r\nRequiring authentication for all connections made to the Exchange Server computer will help protect against anonymous attacks. This will not protect against an attack from a user who can successfully authenticate.\r\n\r\nImpact of workaround: Anonymous communication from clients through IMAP, POP3, HTTP, LDAP, SMTP, and NNTP will no longer be possible. Server to server anonymous communication through RPC, X.400, foreign gateway, and third-party connector protocols will also no longer be possible. In default configurations of Exchange Server, authenticated access is required for all protocols except SMTP. If all text/calendar MIME type message parts and the meeting.ics file are blocked, anonymous SMTP connections could still be accepted.\r\n\u2022\t\r\n\r\nBlock iCal on Microsoft Exchange Server to help protect against attempts to exploit this vulnerability through SMTP e-mail\r\n\r\nSystems can be configured to block certain types of files from being received as e-mail attachments. Meeting requests, typically used in Outlook, contain a file attachment that stores the meeting information. This file attachment is usually named meeting.ics. Blocking this file, and blocking the calendar MIME type, could help protect Exchange Servers and other affected programs from attempts to exploit this vulnerability if customers cannot install the available security update. To help protect an Exchange Server computer from attacks through SMTP, block the .ics files and all text/calendar MIME type content before it reaches the Exchange Server computer.\r\n\r\nNote Exchange supports other messaging protocols, such as X.400, that these workarounds do not protect. We recommend that administrators require authentication on all other client and message transport protocols to help prevent attacks using these protocols.\r\n\r\nNote Filtering only for attachments that have the file name meeting.ics may not be sufficient to help protect your system. A specially crafted file attachment could be given another file name that could then be processed by the Exchange Server computer. To help protect against specially crafted e-mail messages, block all text/calendar MIME type content.\r\n\r\nThere are many ways to block the meeting.ics file and other calendar content. Here are some suggestions:\r\n\u2022\t\r\n\r\nYou can use ISA Server 2000 SMTP Message Screener to block all file attachments or to block only the meeting.ics file. Blocking all file attachments provides the most protection for this issue if you use ISA Server 2000 because ISA Server 2000 does not support blocking content based on MIME content types. For more information, see Microsoft Knowledge Base Article 315132.\r\n\u2022\t\r\n\r\nYou can use ISA Server 2000 SMTP Filter to block all file attachments or to block only the meeting.ics file. Blocking all file attachments provides the most protection for this issue if you use ISA Server 2000 because ISA Server 2000 does not support blocking content based on MIME content types. For more information, see Microsoft Knowledge Base Article 320703.\r\n\u2022\t\r\n\r\nYou can use ISA Server 2004 SMTP Filter and Message Screener block all file attachments or just the meeting.ics file. Blocking all file attachments provides the most protection for this issue if you use ISA Server 2004 because ISA Server 2004 does not support blocking content based on MIME content types. For more information, see Microsoft Knowledge Base Article 888709.\r\n\u2022\t\r\n\r\nYou can use third-party e-mail filters to block all text/calendar MIME type content before it is sent to the Exchange Server computer or to a vulnerable application.\r\n\r\nImpact of workaround: If calendar attachments are blocked, meeting requests will not be received correctly. In some cases, users could receive blank e-mail messages instead of the original meeting request. In other cases, users may not receive meeting requests at all. Perform this workaround only if you cannot install the available security update or if a security update is not publicly available for your configuration.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Malformed iCal Vulnerability - CVE-2007-0039:\r\n\r\nWhat is the scope of the vulnerability?\r\nThis is a denial of service vulnerability. An attacker who successfully exploited this vulnerability could cause the e-mail service to stop responding on a Microsoft Exchange Server. During that time, the Exchange Server cannot respond to user requests to access, send, or receive e-mail. The Microsoft Exchange Information Store service must be restarted to regain its functionality.\r\n\r\nWhat causes the vulnerability?\r\nEXCDO functionality provided with Exchange Server does not properly process certain iCal properties provided in email messages.\r\n\r\nWhat is EXCDO?\r\nExchange Collaboration Data Objects (EXCDO) is an interface that allows for certain types of information to be processed in the Exchange store.\r\n\r\nWhat is iCAL?\r\nInternet Calendar (iCAL) is a MIME content type used by Microsoft Exchange Server and e-mail clients when sending and exchanging information related to calendars and scheduling.\r\n\r\nWhat might an attacker use the vulnerability to do?\r\nAn attacker who successfully exploited this vulnerability could cause the e-mail service to stop responding on a Microsoft Exchange Server. During that time, the Exchange Server cannot respond to user requests to access, send, or receive e-mail. The Microsoft Exchange Information Store service must be restarted to regain its functionality.\r\n\r\nHow could an attacker exploit the vulnerability?\r\nAn attacker could try to exploit the vulnerability by creating a specially crafted iCal file and sending an e-mail message with the file to a user account connected configured for a Microsoft Exchange Server. An attacker successfully exploiting this vulnerability could cause the mail service to stop responding.\r\n\r\nWhat systems are primarily at risk from the vulnerability?\r\nMicrosoft Exchange Servers are primarily at risk from this vulnerability.\r\n\r\nWhat does the update do?\r\nThe update removes the vulnerability by modifying the way Exchange Server processes messages with iCal properties.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed?\r\nNo. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?\r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nMIME Decoding Vulnerability - CVE-2007-0213:\r\n\r\nA remote code execution vulnerability exists in Microsoft Exchange Server because of the way that it decodes specially crafted e-mail messages. An attacker could exploit the vulnerability by sending a specially crafted e-mail to a Microsoft Exchange Server user account. An attacker who successfully exploited this vulnerability could take complete control of an affected system.\r\n\t\r\nMitigating Factors for MIME Decoding Vulnerability - CVE-2007-0213:\r\n\r\nWe have not identified any mitigations for this vulnerability.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for MIME Decoding Vulnerability - CVE-2007-0213:\r\n\r\nMicrosoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they will help to block known attack vectors. When a workaround reduces functionality, it is identified in the following section.\r\n\u2022\t\r\n\r\nRequire authentication for connections to a server that is running Microsoft Exchange Server for all client and message transport protocols.\r\n\r\nRequiring authentication for all connections made to the Exchange Server computer will help protect against anonymous attacks. This will not protect against an attack from a malicious user who can successfully authenticate.\r\n\r\nImpact of workaround: Anonymous communication from clients through IMAP, POP3, HTTP, LDAP, SMTP, and NNTP will no longer be possible. Server to server anonymous communication through RPC, X.400, foreign gateway, and third-party connector protocols will also no longer be possible. In default configurations of Exchange Server, authenticated access is required for all protocols except SMTP. If all text/calendar MIME type message parts and the meeting.ics file are blocked, anonymous SMTP connections could still be accepted.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for MIME Decoding Vulnerability - CVE-2007-0213:\r\n\r\nWhat is the scope of the vulnerability?\r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nWhat causes the vulnerability?\r\nMicrosoft Exchange incorrectly handles the decoding of specially crafted, base64 encoded content.\r\n\r\nWhat is MIME?\r\nMIME stands for Multipurpose Internet Mail Extensions, a protocol for defining file attachments for the Web.\r\n\r\nWhat might an attacker use the vulnerability to do?\r\nAn attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nHow could an attacker exploit the vulnerability?\r\nAn attacker could exploit the vulnerability by sending a specially crafted e-mail to a Microsoft Exchange Server user account. An attacker who successfully exploited this vulnerability could take complete control of an affected system.\r\n\r\nWhat systems are primarily at risk from the vulnerability?\r\nMicrosoft Exchange Servers are primarily at risk from this vulnerability.\r\n\r\nWhat does the update do?\r\nThe update removes the vulnerability by modifying the way that Exchange Server handles base64-encoded messages.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed?\r\nNo. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?\r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nIMAP Literal Processing Vulnerability - CVE-2007-0221:\r\n\r\nA denial of service vulnerability exists in Microsoft Exchange Server because of the way that it handles invalid IMAP requests. An attacker could exploit the vulnerability by sending a specially crafted IMAP command to a Microsoft Exchange Server configured as an IMAP server. An attacker successfully exploiting this vulnerability could cause the mail service to stop responding.\r\n\t\r\nMitigating Factors for IMAP Literal Processing Vulnerability - CVE-2007-0221:\r\n\u2022\t\r\n\r\nFirewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for IMAP Literal Processing Vulnerability - CVE-2007-0221:\r\n\r\nMicrosoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.\r\n\u2022\t\r\n\r\nBlock the following at the firewall:\r\n\u2022\t\r\n\r\nTCP port 143\r\n\r\nThis port is used to initiate a connection with IMAP. Blocking it at the firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability.\r\n\u2022\t\r\n\r\nDisable the IMAP service\r\n\r\nDisabling the IMAP service will help protect the affected system from attempts to exploit this vulnerability. To disable the IMAP service, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nClick Start, and then click Control Panel. Alternatively, point to Settings, and then click Control Panel.\r\n\r\n2.\r\n\t\r\n\r\nDouble-click Administrative Tools.\r\n\r\n3.\r\n\t\r\n\r\nDouble-click Services.\r\n\r\n4.\r\n\t\r\n\r\nDouble-click IMAP4.\r\n\r\n5.\r\n\t\r\n\r\nIn the Startup type list, click Disabled.\r\n\r\n6.\r\n\t\r\n\r\nClick Stop, and then click OK.\r\n\r\nYou can also stop and disable the IMAP service by using the following command at the command prompt:\r\n\r\nsc stop IMAP4svc\r\nsc config IMAP4svc start= disabled\r\n\r\nImpact of workaround: If you disable the IMAP service, you turn off IMAP functionality for IMAP clients.\r\n\u2022\t\r\n\r\nStop the IMAP virtual server\r\n\r\nStopping the IMAP virtual server will help protect the affected system from attempts to exploit this vulnerability. To stop the IMAP virtual server, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nClick Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.\r\n\r\n2.\r\n\t\r\n\r\nExpand Servers, expand Server, expand Protocols, and then expand IMAP4.\r\n\r\n3.\r\n\t\r\n\r\nRight-click IMAP4 Virtual Server and then click Stop.\r\n\r\nImpact of workaround: If you disable the IMAP virtual server, you turn off IMAP functionality for IMAP clients.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Vulnerabilities in IMAP Literal Processing Vulnerability - CVE-2007-0221:\r\n\r\nWhat is the scope of the vulnerability?\r\nThis is a denial of service vulnerability. An attacker who successfully exploited this vulnerability could cause the e-mail service to stop responding on a Microsoft Exchange Server. During that time, the Exchange Server cannot respond to user requests to access, send, or receive e-mail. The IIS Admin Service service must be restarted to regain its functionality.\r\n\r\nWhat causes the vulnerability?\r\nThe vulnerability is caused by incorrect handling of a command in the IMAP service.\r\n\r\nWhat is IMAP?\r\nIMAP stands for Internet Message Access Protocol. IMAP is an e-mail protocol that Exchange and other e-mail programs use to exchange messages. IMAP allows users to perform tasks including folder creation, message searching, and other e-mail tasks.\r\n\r\nWhat might an attacker use the vulnerability to do?\r\nAn attacker who successfully exploited this vulnerability could cause the e-mail service to stop responding on a Microsoft Exchange Server. During that time, the Exchange Server cannot respond to user requests to access, send, or receive e-mail. The IIS Admin Service service must be restarted to regain its functionality.\r\n\r\nHow could an attacker exploit the vulnerability?\r\nAn attacker could try to exploit the vulnerability by sending a specially crafted IMAP command to a Microsoft Exchange Server configured as an IMAP server. An attacker successfully exploiting this vulnerability could cause the mail service to stop responding.\r\n\r\nWhat systems are primarily at risk from the vulnerability?\r\nWhile the security update is intended for any affected and supported Microsoft Exchange Server, servers hosting IMAP services are primarily at risk from this vulnerability.\r\n\r\nWhat does the update do?\r\nThe update removes the vulnerability by modifying the way that Microsoft Exchange Server validates IMAP commands.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed?\r\nNo. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?\r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\n\r\nAcknowledgments\r\n\r\nMicrosoft thanks the following for working with us to help protect customers:\r\n\u2022\t\r\n\r\nMartijn Brinkers of Izecom for reporting the Outlook Web Access Script Injection Vulnerability (CVE-2007-0220).\r\n\u2022\t\r\n\r\nAlexander Sotirov of Determina Security Research for reporting the Malformed iCal Vulnerability Vulnerability (CVE-2007-0039).\r\n\u2022\t\r\n\r\nJoxean Koret, working with the iDefense Vulnerability Contributor Program, for reporting the IMAP Literal Processing Vulnerability (CVE-2007-0221).\r\n\r\nDisclaimer:\r\n\r\nThe information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\nRevisions: \r\n\u2022\t\r\n\r\nV1.0 (May 8, 2007): Bulletin published.", "edition": 1, "reporter": "Securityvulns", "published": "2007-05-08T00:00:00", "title": "Microsoft Security Bulletin MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:22", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-0039", "CVE-2007-0221", "CVE-2007-0220", "CVE-2007-0213"], "modified": "2007-05-08T00:00:00", "id": "SECURITYVULNS:DOC:16961", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16961", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:22", "references": [], "description": "Determina Security Research\r\n\r\nExchange Calendar MODPROPS Denial of Service\r\nhttp://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html\r\n\r\nCVE ID: CVE-2007-0039\r\n MS ID: MS07-026\r\n\r\nVendor notification: Dec 20, 2006\r\nVendor patch: May 8, 2007\r\n\r\n\r\nSystems Affected:\r\n\r\n * Exchange 2000\r\n * Exchange 2003\r\n\r\n\r\nOverview:\r\n\r\nDetermina Security Research has discovered a denial of service vulnerability in\r\nthe code responsible for parsing iCal email attachments in Microsoft Exchange.\r\nThis vulnerability can be exploited by a malicious email message and results in\r\na denial of service. The vulnerable code is present in Exchange 2000 and 2003.\r\n\r\nMicrosoft fixed a related vulnerability with the MS06-019 security update, but\r\ntheir fix introduced a new denial of service bug. Determina Security Research\r\nwas able to develop a proof-of-concept exploit that works against fully-patched\r\nExchange servers.\r\n\r\n\r\nTechnical Details:\r\n\r\nThe iCal file format is described in detail in RFC2445. The file consists of a\r\nseries of records, delimited by BEGIN and END tags. Each record can have\r\nmultiple named properties. The iCal parser in Exchange maintains a table of\r\nproperties valid in the current context and switches to the appropriate table\r\nupon entering a new record.\r\n\r\nThe X-MICROSOFT-CDO-MODPROPS property is an undocumented Microsoft extension\r\nwhich allows the iCal file to specify a list of properties that are considered\r\nvalid in a specific record. All other properties will be ignored by Exchange.\r\nThe following example shows a typical usage of this feature:\r\n\r\nBEGIN:VEVENT\r\nX-MICROSOFT-CDO-MODPROPS:BEGIN,DTEND,DTSTART,END\r\nDTSTART:19970714T170000Z\r\nDTEND:19970715T035959Z\r\nSUMMARY:Bastille Day Party\r\nEND:VEVENT\r\n\r\nIn this example, the SUMMARY property will not be processed by Exchange.\r\n\r\nWhen the parser encounters the MODPROPS property, it calls\r\nCICalSchema::AllocPropTables to allocate a new table of valid properties. The\r\npointer to the new table is stored in this->field_F0 and the list of valid\r\nproperties is copied into the table. If there is a second MODPROPS property, the\r\nfunction will be called again and will reuse the previousely allocated table. If\r\nthe second MODPROPS element is longer than the first one, the copy loop will\r\nwrite past the end of the table.\r\n\r\nThis vulnerability was fixed in MS06-019 by adding a call to\r\nCICalSchema::FreePropTables in the beginning of the AllocPropTables function.\r\nThis ensures that the previous property table is freed and AllocPropTables\r\nallocates a new one of sufficient size.\r\n\r\nUnfortunately, FreePropTables also sets the this->field_28 pointer to NULL. The\r\nNULL pointer is later used in a memcpy operation in AllocPropTables and causes\r\nan unhandled exception, resulting in a crash of Exchange.\r\n\r\n// Allocate a new property table\r\n\r\nint CICalSchema::AllocPropTables(arg_0, arg_4)\r\n{\r\n this->FreePropTables();\r\n\r\n ...\r\n\r\n // Allocate space for the new table\r\n\r\n if (this->field_F0 == NULL)\r\n this->field_F0 = new(vector_size*16);\r\n\r\n ...\r\n\r\n // NULL pointer dereference of this->field_28\r\n memcpy(&this->field_F4[offset_F4], &this->field_28[index*20], 20);\r\n}\r\n\r\n\r\n// Free the property table\r\n\r\nvoid CICalSchema::FreePropTables()\r\n{\r\n if (this->field_F0 != NULL) {\r\n ...\r\n\r\n ExFree(this->field_F0);\r\n this->field_F0 = NULL;\r\n }\r\n\r\n if (this->field_F4 != NULL) {\r\n if (this->field_28 == this->field_F4) {\r\n this->field_28 = NULL; // set this->field_28 to NULL\r\n this->field_1C = 0;\r\n }\r\n\r\n ExFree(this->field_F4);\r\n this->field_F4 = NULL;\r\n }\r\n\r\n ...\r\n}\r\n\r\n\r\nProtection:\r\n\r\nDetermina VPS Server protects against the exploitation of this vulnerability.\r\n\r\n\r\nVendor response:\r\n\r\nMicrosoft issued the MS07-026 patch on May 8, 2007.\r\n\r\n\r\nCredit:\r\n\r\nDiscovery: Alexander Sotirov, Determina Security Research\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2007-05-10T00:00:00", "title": "Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:22", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-0039"], "modified": "2007-05-10T00:00:00", "id": "SECURITYVULNS:DOC:16977", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16977", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:22", "references": [], "description": "Microsoft Exchange Server 2000 IMAP Literal Processing DoS Vulnerability\r\n\r\niDefense Security Advisory 05.08.07\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nMay 08, 2007\r\n\r\nI. BACKGROUND\r\n\r\nMicrosoft Exchange Server 2000 is a messaging product developed by\r\nMicrosoft, part of the Windows Server System line of server products.\r\nMore information about it can be found at the following URL.\r\n\r\nhttp://www.microsoft.com/technet/prodtechnol/exchange/2000/default.mspx\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of an integer overflow vulnerability in the IMAP\r\nservice of Microsoft Exchange 2000 could allow a remote attacker to\r\ncrash all running Exchange services and other services in the same\r\nprocess.\r\n\r\nThe vulnerability specifically exists in code responsible for reading of\r\nliterals in the IMAP4 service. When the IMAP4 service encounters a\r\nspecially crafted literal, it fails to properly process it. An access\r\nviolation occurs causing an unhandled exception that terminates the\r\nprocess.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability allows an attacker to cause the\r\naffected server to restart or potentially require data to be\r\nreinstalled from backup.\r\n\r\nAs the Exchange server may run in the same process space as many other\r\nservers, crashing the IMAP4 component will also cause the SMTP, POP3,\r\nWWW and FTP services, if enabled, to exit. In order to exploit this\r\nvulnerability, the attacker must have access to establish a TCP session\r\nwith the IMAP4 service.\r\n\r\nIV. DETECTION\r\n\r\niDefense confirmed the existence of this vulnerability in Microsoft\r\nExchange\r\n2000 with Service Pack 3.\r\n\r\nV. WORKAROUND\r\n\r\niDefense is not currently aware of any effective workarounds for this\r\nvulnerability. Consider applying network access controls on this\r\nservice.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nMicrosoft has addressed this vulnerability within MS07-026. For more\r\ninformation, consult their bulletin at the following URL.\r\n\r\nhttp://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2007-0221 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n01/10/2007 Initial vendor notification\r\n01/22/2007 Initial vendor response\r\n05/08/2007 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Joxean Koret.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2007 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "reporter": "Securityvulns", "published": "2007-05-10T00:00:00", "title": "iDefense Security Advisory 05.08.07: Microsoft Exchange Server 2000 IMAP Literal Processing DoS Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:22", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-0221"], "modified": "2007-05-10T00:00:00", "id": "SECURITYVULNS:DOC:16976", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16976", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-08-31T02:37:55", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0220", "http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx", "http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx", "http://www.cert.org/advisories/CA-2000-02.html", "http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx"], "description": "### Overview\n\nMicrosoft Exchange Outlook Web Access (OWA) fails to properly handle the UTF character set label, which can allow a remote, unauthenticated attacker to execute script within the security context of the OWA user.\n\n### Description\n\nOWA allows users to access their email accounts on a Microsoft Exchange server from another host through a web browser. When a user opens a script-based email attachment, the web browser may execute the script on the client side. If executed, the script would have all the privileges of the OWA user, including access to and manipulation of messages and folders on the server. \n \n--- \n \n### Impact\n\nA remote attacker with the ability to supply an email message containing specially crafted script may be able to execute the script in the security context of the victim user on the client system. For more information about this type of vulnerability, please see CERT Advisory [CA-2000-02](<http://www.cert.org/advisories/CA-2000-02.html>). \n \n--- \n \n### Solution\n\n**Apply an update**\n\nThis issue is addressed in Microsoft Security Bulletin [MS07-026](<http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx>). \n \n--- \n \n \n**Workarounds** \n \nMicrosoft Security Bulletin [MS07-026](<http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx>) provides several workarounds, including disabling OWA and restricting HTML attachments. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nMicrosoft Corporation| | -| 08 May 2007 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23124113 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx>\n * [Improper authorization checking in IOS FTP server ](<Improper authorization checking in IOS FTP server >)\n\n### Credit\n\nThis vulnerability was reported by Microsoft, who in turn credit Martijn Brinkers of Izecom.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n * CVE IDs: [CVE-2007-0220](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0220>)\n * Date Public: 08 May 2007\n * Date First Published: 08 May 2007\n * Date Last Updated: 09 May 2007\n * Severity Metric: 5.46\n * Document Revision: 5\n\n", "edition": 3, "reporter": "CERT", "published": "2007-05-08T00:00:00", "title": "Microsoft Exchange Outlook Web Access UTF character set label script injection vulnerability", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2007-0220", "CVE-2007-0220"], "modified": "2007-05-09T00:00:00", "id": "VU:124113", "href": "https://www.kb.cert.org/vuls/id/124113", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:36:54", "references": ["http://secunia.com/advisories/25183/", "http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0213", "http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx", "http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx"], "description": "### Overview\n\nMicrosoft Exchange Server contains a remote code execution vulnerability that could enable an attacker to execute arbitrary code and gain complete control of the vulnerable system.\n\n### Description\n\nMicrosoft Exchange Server fails to properly process MIME messages. When an email message containing base64 encoded content is opened, Microsoft Exchange Server does not properly decode the base64 content. An attacker could send a specially crafted email that, when opened, could allow the attacker to execute arbitrary code. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. \n \n--- \n \n### Impact\n\nBy sending a specially crafted email message to a Microsoft Exchange Server, a remote, unauthenticated attacker could execute arbitrary code on the server. \n \n--- \n \n### Solution\n\nMicrosoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin [MS07-026](<http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx>)[](<http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx>). \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nMicrosoft Corporation| | -| 08 May 2007 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23343145 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx>\n * <http://secunia.com/advisories/25183/>\n\n### Credit\n\nThis document was written by Joseph W Pruszynski.\n\n### Other Information\n\n * CVE IDs: [CVE-2007-0213](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0213>)\n * Date Public: 08 May 2007\n * Date First Published: 08 May 2007\n * Date Last Updated: 09 May 2007\n * Severity Metric: 68.85\n * Document Revision: 14\n\n", "edition": 3, "reporter": "CERT", "published": "2007-05-08T00:00:00", "title": "Microsoft Exchange Server fails to properly decode MIME email messages", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2007-0213", "CVE-2007-0213"], "modified": "2007-05-09T00:00:00", "id": "VU:343145", "href": "https://www.kb.cert.org/vuls/id/343145", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "references": [], "description": "## Vulnerability Description\nExchange Server contains a flaw that may allow a remote denial of service. The issue is triggered by a specially crafted iCal file with multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.\n## Short Description\nExchange Server contains a flaw that may allow a remote denial of service. The issue is triggered by a specially crafted iCal file with multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties, and will result in loss of availability for the service.\n## References:\nSecurity Tracker: 1018015\n[Secunia Advisory ID:25183](https://secuniaresearch.flexerasoftware.com/advisories/25183/)\n[Related OSVDB ID: 34392](https://vulners.com/osvdb/OSVDB:34392)\n[Related OSVDB ID: 34391](https://vulners.com/osvdb/OSVDB:34391)\n[Related OSVDB ID: 34389](https://vulners.com/osvdb/OSVDB:34389)\nNews Article: http://www.informationweek.com/news/showArticle.jhtml?articleID=199400216\nMicrosoft Security Bulletin: MS07-026\nMicrosoft Knowledge Base Article: 931832\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0120.html\nFrSIRT Advisory: ADV-2007-1711\n[CVE-2007-0039](https://vulners.com/cve/CVE-2007-0039)\nBugtraq ID: 23808\n", "edition": 1, "reporter": "Alexander Sotirov()", "published": "2007-05-08T19:14:45", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Microsoft Exchange Server MODPROPS Malformed iCal DoS", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [{"name": "Exchange Server", "version": "2000 SP3", "operator": "eq"}, {"name": "Exchange Server", "version": "2003 SP1", "operator": "eq"}, {"name": "Exchange Server", "version": "2003 SP2", "operator": "eq"}, {"name": "Exchange Server", "version": "2007", "operator": "eq"}], "cvelist": ["CVE-2007-0039"], "modified": "2007-05-08T19:14:45", "href": "https://vulners.com/osvdb/OSVDB:34390", "id": "OSVDB:34390", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:30", "references": [], "description": "## Vulnerability Description\nExchange Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by incorrect handling of a UTF character set label by Outlook Web Access. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.\n## Short Description\nExchange Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by incorrect handling of a UTF character set label by Outlook Web Access. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.\n## References:\nSecurity Tracker: 1018015\n[Secunia Advisory ID:25183](https://secuniaresearch.flexerasoftware.com/advisories/25183/)\n[Related OSVDB ID: 34392](https://vulners.com/osvdb/OSVDB:34392)\n[Related OSVDB ID: 34391](https://vulners.com/osvdb/OSVDB:34391)\n[Related OSVDB ID: 34390](https://vulners.com/osvdb/OSVDB:34390)\nNews Article: http://www.informationweek.com/news/showArticle.jhtml?articleID=199400216\nMicrosoft Security Bulletin: MS07-026\nMicrosoft Knowledge Base Article: 931832\nFrSIRT Advisory: ADV-2007-1711\n[CVE-2007-0220](https://vulners.com/cve/CVE-2007-0220)\nCERT VU: 124113\nBugtraq ID: 23806\n", "edition": 1, "reporter": "Martijn Brinkers()", "published": "2007-05-08T19:14:45", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Microsoft Exchange Outlook Web Access (OWA) Attachment Script Injection", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [{"name": "Exchange Server", "version": "2000 SP3", "operator": "eq"}, {"name": "Exchange Server", "version": "2003 SP1", "operator": "eq"}, {"name": "Exchange Server", "version": "2003 SP2", "operator": "eq"}], "cvelist": ["CVE-2007-0220"], "modified": "2007-05-08T19:14:45", "href": "https://vulners.com/osvdb/OSVDB:34389", "id": "OSVDB:34389", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "references": [], "description": "## Vulnerability Description\nA remote code execution flaw exists in Exchange Server. It fails to validate base64-encoded content, allowing a specially crafted email to execute arbitrary code, resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.\n## Short Description\nA remote code execution flaw exists in Exchange Server. It fails to validate base64-encoded content, allowing a specially crafted email to execute arbitrary code, resulting in a loss of integrity.\n## References:\nSecurity Tracker: 1018015\n[Secunia Advisory ID:25183](https://secuniaresearch.flexerasoftware.com/advisories/25183/)\n[Related OSVDB ID: 34392](https://vulners.com/osvdb/OSVDB:34392)\n[Related OSVDB ID: 34389](https://vulners.com/osvdb/OSVDB:34389)\n[Related OSVDB ID: 34390](https://vulners.com/osvdb/OSVDB:34390)\nNews Article: http://www.informationweek.com/news/showArticle.jhtml?articleID=199400216\nMicrosoft Security Bulletin: MS07-026\nMicrosoft Knowledge Base Article: 931832\nFrSIRT Advisory: ADV-2007-1711\n[CVE-2007-0213](https://vulners.com/cve/CVE-2007-0213)\nCERT VU: 343145\nBugtraq ID: 23809\n", "edition": 1, "reporter": "OSVDB", "published": "2007-05-08T19:14:45", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Microsoft Exchange Server MIME Decoding Remote Code Execution", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [{"name": "Exchange Server", "version": "2000 SP3", "operator": "eq"}, {"name": "Exchange Server", "version": "2003 SP1", "operator": "eq"}, {"name": "Exchange Server", "version": "2003 SP2", "operator": "eq"}, {"name": "Exchange Server", "version": "2007", "operator": "eq"}], "cvelist": ["CVE-2007-0213"], "modified": "2007-05-08T19:14:45", "href": "https://vulners.com/osvdb/OSVDB:34391", "id": "OSVDB:34391", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:30", "references": [], "description": "## Vulnerability Description\nExchange Server contains a flaw that may allow a remote denial of service. The issue is triggered when the IMAP4 service processes an IMAP command with crafted literals, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.\n## Short Description\nExchange Server contains a flaw that may allow a remote denial of service. The issue is triggered when the IMAP4 service processes an IMAP command with crafted literals, and will result in loss of availability for the service.\n## References:\nSecurity Tracker: 1018015\n[Secunia Advisory ID:25183](https://secuniaresearch.flexerasoftware.com/advisories/25183/)\n[Related OSVDB ID: 34391](https://vulners.com/osvdb/OSVDB:34391)\n[Related OSVDB ID: 34389](https://vulners.com/osvdb/OSVDB:34389)\n[Related OSVDB ID: 34390](https://vulners.com/osvdb/OSVDB:34390)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=526\nNews Article: http://www.informationweek.com/news/showArticle.jhtml?articleID=199400216\nMicrosoft Security Bulletin: MS07-026\nMicrosoft Knowledge Base Article: 931832\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0131.html\nFrSIRT Advisory: ADV-2007-1711\n[CVE-2007-0221](https://vulners.com/cve/CVE-2007-0221)\nBugtraq ID: 23810\n", "edition": 1, "reporter": "Joxean Koret(joxeankoret@yahoo.es)", "published": "2007-05-08T19:14:45", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Microsoft Exchange Server IMAP Literal Processing DoS", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [{"name": "Exchange Server", "version": "2000 SP3", "operator": "eq"}], "cvelist": ["CVE-2007-0221"], "modified": "2007-05-08T19:14:45", "href": "https://vulners.com/osvdb/OSVDB:34392", "id": "OSVDB:34392", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
