Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в Microsoft Exchange
дополнено с 8 мая 2007 г.
Опубликовано:10 мая 2007 г.
Источник:
SecurityVulns ID:7680
Тип:удаленная
Уровень опасности:
8/10
Описание:Межсайтовый скриптинг в OWA, DoS при разборе iCal, повреждение памяти при декодировании Base64, DoS через IMAP.
Затронутые продукты:MICROSOFT : Exchange 2000
 MICROSOFT : Exchange 2003
 MICROSOFT : Exchange 2007
CVE:CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability.")
 CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".)
 CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.)
 CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.)
Оригинальный текстdocumentAlexander Sotirov, Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039) (10.05.2007)
 documentIDEFENSE, iDefense Security Advisory 05.08.07: Microsoft Exchange Server 2000 IMAP Literal Processing DoS Vulnerability (10.05.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) (08.05.2007)
Файлы:Microsoft Security Bulletin MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород