Vulnerability Bulletins |
Desbordamiento de búfer en Microsoft Exchange |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Compromiso Root |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Exchange 2000 Server Service Pack 3 Microsoft Exchange Server 2003 Microsoft Exchange Server 2003 Service Pack 1 |
Description |
|
|
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en las versiones 2003, 2003 SP1 y 2000 SP3 de Microsoft Exchange. La vulnerabilidad reside en el servicio SMTP. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario mediante el envío de comandos SMTP especialmente diseñados. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Exchange 2000 Server Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=2A2AF17E-2E4A-4479-8AC9-B5544EA0BD66 Microsoft Exchange Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=97F409EB-C8D0-4C94-A67B-5945E26C9267 Microsoft Exchange Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=35BCE74A-E84A-4035-BF18-196368F032CC |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2005-0560 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS05-021 http://www.microsoft.com/technet/security/Bulletin/MS05-021.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-04-13 |
| 2.0 | Exploit público disponible | 2005-04-20 |