|
Microsoft Exchange Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA25183
|
|
|
Release Date:
|
2007-05-08
|
|
Last Update:
|
2007-05-09
|
|
Popularity:
|
14,296 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Cross Site Scripting
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Exchange 2000 Enterprise Server
Microsoft Exchange Server 2000
Microsoft Exchange Server 2003
Microsoft Exchange Server 2007
|
|
|
Binary Analysis:
|
BA128 :: Available for Credits 
BA129 :: Available for Credits
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2007-0039
CVE-2007-0213
CVE-2007-0220
CVE-2007-0221
|
|
Description:
Some vulnerabilities have been reported in Microsoft Exchange, which can be exploited by malicious people to conduct script insertion attacks, cause a DoS (Denial of Service), or compromise a vulnerable system.
1) Outlook Web Access (OWA) does not handle a certain UTF character set label correctly. As a results, script-based attachments are not properly sanitised before being displaying, which can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site when opening a file.
2) An error in the Exchange Collaboration Data Objects (EXCDO) functionality when handling MODPROPS properties in iCal files can be exploited to cause the mail service to stop responding via a specially crafted iCal file containing two MODPROPS properties where the second is longer than the first.
3) An error in the MIME decoding can be exploited to execute arbitrary code via a malicious e-mail message containing specially crafted base64-encoded content.
4) An integer overflow error in the handling of IMAP literals can be exploited to cause the mail service to stop responding via a specially crafted IMAP command.
Solution:
Apply patches.
Exchange 2000 Server SP3 with Exchange 2000 Post-SP3 Update Rollup of August 2004:
http://www.microsoft.com/downloads/de...=21968843-4A81-4F1D-8207-5B0A710E3157
Exchange Server 2003 SP1:
http://www.microsoft.com/downloads/de...=5E7939BE-73D1-461C-8C79-EDDB0F1459FC
Exchange Server 2003 SP2:
http://www.microsoft.com/downloads/de...=1ABF93DA-D765-4876-96B5-ACB2D2A48F8F
Exchange Server 2007:
http://www.microsoft.com/downloads/de...=356874EF-C9C0-4842-99F0-E449E9940358
Provided and/or discovered by:
1) The vendor credits Martijn Brinkers, Izecom.
2) Alexander Sotirov, Determina Security Research.
3) Reported by the vendor.
4) Discovered by Joxean Koret and reported via iDefense Labs.
Changelog:
2007-05-09: Added additional information from Determina and iDefense Labs. Added links to US-CERT.
Original Advisory:
MS07-026 (KB931832):
http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx
Determina:
http://www.determina.com/security.res...abilities/exchange-ical-modprops.html
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=526
Other References:
US-CERT VU#124113:
http://www.kb.cert.org/vuls/id/124113
US-CERT VU#343145:
http://www.kb.cert.org/vuls/id/343145
Extended Solution:
The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
