Signature Detail
Short Name |
SMTP:EXCHANGE:ICAL-DOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
SMTP |
Keywords |
Microsoft Exchange Malformed iCal Denial of Service |
Release Date |
2007/05/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0.110090709+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: Microsoft Exchange Malformed iCal Denial of Service
This signature detects attempts to exploit a known vulnerability against Microsoft Exchange Server. A successful attack can result in a denial-of-service condition.
Extended Description
Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle unexpected iCal message content. Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers to stop responding to further requests for sending, receiving, or accessing email. As a result, denial-of-service conditions occur for legitimate users of affected servers. A denial-of-service condition will persist until an administrator restarts the Microsoft Exchange Information Store service.
Affected Products
- Avaya Messaging Application Server MM 2.0
- Avaya Messaging Application Server MM 3.0
- Avaya Messaging Application Server MM 3.1
- Avaya Messaging Application Server
- Microsoft Exchange Server 2000 SP1
- Microsoft Exchange Server 2000 SP2
- Microsoft Exchange Server 2000 SP3
- Microsoft Exchange Server 2000
- Microsoft Exchange Server 2003 SP1
- Microsoft Exchange Server 2003 SP2
- Microsoft Exchange Server 2003
- Microsoft Exchange Server 2007
References
- BugTraq: 23808
- CVE: CVE-2007-0039