The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  Microsoft Security Bulletin MS02-037: Server Response To SMTP Client EHLO Command Results In Buffer Overrun (Q326322)
Time: 00:00 EST/05:00 GMT | News Source: ActiveWin.com | Posted By: Robert Stein

The Internet Mail Connector (IMC) enables Microsoft Exchange Server to communicate with other mail servers via SMTP. When the IMC receives an SMTP extended Hello (EHLO) protocol command from a connecting SMTP server, it responds by sending a status reply that starts with the following: 250-Hello. A security vulnerability results because of an unchecked buffer in the IMC code that generates the response to the EHLO protocol command. If the total length of the message exceeds a particular value, the data would overrun the buffer. If the buffer were overrun with random data, it would result in the failure of the IMC. If, however, the buffer were overrun with carefully chosen data, it could be possible for the attacker to run code in the security context of the IMC, which runs as Exchange5.5 Service Account.

Write Comment
Return to News

  Displaying 526 through 526 of 526
Prev | First
  The time now is 10:52:55 PM ET.
Any comment problems? E-mail us
#526 By 4240821 (178.217.45.3) at 6/7/2025 5:31:14 PM
https://nsfw.su/v/6k7f94ztrfyw.php
https://nsfw.su/v/mhkvmb0im5dk.php
https://nsfw.su/v/zeh3pivo4ngy.php
https://nsfw.su/v/gsadkb8i3nph.php
https://nsfw.su/v/cl7ukriyzos9.php
https://nsfw.su/v/6xekctf388cq.php
https://nsfw.su/v/zfr3t8ay5hkf.php
https://nsfw.su/v/eq9pec2071h2.php
https://nsfw.su/v/vwtele1zzhut.php
https://nsfw.su/v/lfa45suos3w1.php

Write Comment
Return to News
  Displaying 526 through 526 of 526
Prev | First
  The time now is 10:52:55 PM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *