| Revision Date: | 2005-06-22 | Version: | 1 |
| Title: | Exchange Server SMTP Buffer Overflow |
| Description: | Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2005-0560
|
| Platform(s): | Microsoft Windows 2000
Microsoft Windows Server 2003
| Product(s): | Microsoft Exchange Server
|
| Definition Synopsis |
| Exchange Server 2003 is installed AND the version of xlsasink.dll is less than 6.5.6981.3
AND NOT the patch KB894549 is installed
|