MS.CDO.Remote.Code.Execution
Description
This indicates an attack attempt against a buffer overflow vulnerability in Collaboration Data Objects (CDO) which are used in Microsoft Exchange Server.
The vulnerability is caused by an error when DOSYS or CDOEX processes an e-mail message with a large header name, such as one using the "Content-Type" string. It allows a remote attacker to execute arbitrary code via sending a crafted SMTP request.
Affected Products
Microsoft Exchange Server 2000 - Microsoft Exchange Server 2000 SP3
Microsoft IIS 5.0 - Microsoft IIS 6.0
Microsoft Windows 2000 (all versions)
Microsoft Windows 2003 (all versions)
Microsoft Windows XP (all versions)
Impact
System compromise
Recommended Actions
Microsoft has released a critical update to fix this vulnerability. Please apply MS05-048 to all vulnerable systems.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |