Signature Detail
Short Name |
SMTP:EXCHANGE:MIME-MALF-ATTACH |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
SMTP |
Keywords |
microsoft exchange smtp mime |
Release Date |
2008/07/09 |
Update Number |
1213 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: MS Exchange Malformed MIME Attachment
This anomaly triggers when it detects attempts to exploit a known vulnerability in the Microsoft Exchange Server. A successful attack can lead to arbitrary remote code execution.
Extended Description
Microsoft Exchange is prone to a remote code-execution vulnerability because the application fails to properly decode specially crafted email messages. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the vulnerable application, which may lead to a complete compromise of affected computers.
Affected Products
- Avaya Messaging Application Server MM 2.0
- Avaya Messaging Application Server MM 3.0
- Avaya Messaging Application Server MM 3.1
- Avaya Messaging Application Server
- Microsoft Exchange Server 2000 SP1
- Microsoft Exchange Server 2000 SP2
- Microsoft Exchange Server 2000 SP3
- Microsoft Exchange Server 2000
- Microsoft Exchange Server 2003 SP1
- Microsoft Exchange Server 2003 SP2
- Microsoft Exchange Server 2003
- Microsoft Exchange Server 2007
References
- BugTraq: 23809
- CVE: CVE-2007-0213