Microsoft Exchange X-LINK2STATE buffer overflow
Added: 01/13/2006CVE: CVE-2005-0560
BID: 13118
OSVDB: 15467
Background
Microsoft Exchange is an e-mail server for Microsoft Windows operating systems.Problem
A buffer overflow condition in the handling of the X-LINK2STATE extended verb could allow a remote attacker to execute arbitrary commands.Resolution
Install the patch referenced in Microsoft Security Bulletin 05-021.References
http://www.microsoft.com/technet/security/bulletin/ms05-021.mspxLimitations
Exploit works on Exchange 2000 SP3. Unauthenticated exploitation is not possible against Windows Server 2003. Since this is a heap-based buffer overflow, exploit may not be reliable. Automated penetration test might not be able to pick the correct Exchange target type since there is no way to determine it remotely.Platforms
Windows 2000Back to exploit index