Rapid7 Vulnerability & Exploit Database

Microsoft Exchange XEXCH50 Verb Buffer Overflow Vulnerability

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Microsoft Exchange XEXCH50 Verb Buffer Overflow Vulnerability

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

11/17/2003

Created

07/25/2018

Added

03/16/2006

Modified

07/16/2012

Description

Certain versions of Microsoft Exchange are vulnerable to a buffer overflow in the handling of the XEXCH50 SMTP command. This vulnerability is known to be remotely exploitable, resulting in arbitrary remote code execution against Exchange 2000 and denial-of-service against Exchange 5.5 and earlier. A proof of concept is publicly available for this vulnerability.

Solution(s)

install-exchange-2000-patch-829436
install-exchange-5_5-patch-829436
install-exchange-5_0-patch-834130

References

https://attackerkb.com/topics/cve-2003-0714
8838
CA-2003-27
422156
CVE - 2003-0714
MS03-046
http://marc.theaimsgroup.com/?l=bugtraq&m=106682909006586&w=2
http://www.kb.cert.org/vuls/id/422156
http://www.microsoft.com/technet/security/bulletin/ms03-046.asp

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft Exchange XEXCH50 Verb Buffer Overflow Vulnerability

Microsoft Exchange XEXCH50 Verb Buffer Overflow Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.