Intrusion Prevention

MS.Exchange.Server.Base64.MIME.Message.Code.Execution

Description

This indicates an attack attempt against a heap-overrun vulnerability in Microsoft Exchange Server.
The vulnerability is caused by improper decoding of some specially crafted email messages. A remote attacker could exploit this vulnerability by sending crafted base64-encoded MIME email message to execute arbitrary code using the privileges of the currently logged on user.

Affected Products

Microsoft Exchange Server 2007 0
Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003
Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2000 SP2
Microsoft Exchange Server 2000 SP1
Microsoft Exchange Server 2000
Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server 0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site:
http://www.microsoft.com/technet/security/Bulletin/ms07-026.mspx

CVE References

CVE-2007-0213