SMTP Exchange denial of service

Risk Level: High

Check or Attack Name: SMTP DoS for MS Exchange

Platforms: Microsoft Exchange: 4.0, Microsoft Exchange: 5.0

Description:

Microsoft Exchange Server 4.0 and 5.0 contain a buffer overflow in multiple commands (HELO, RCPT TO, and MAIL FROM) that could allow a remote attacker to crash the server and under some circumstances possibly execute arbitrary code on the system. The attack itself does not directly have any impact on the integrity of data stored by the Exchange Server.
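
A defensive check for the condition described above, as an added example that is not part of the original advisory: it scans captured SMTP command lines for HELO, MAIL FROM and RCPT TO arguments that exceed the RFC 821 size limits or the 1k address size named in the title of KB article Q169174. The function name, the sample session and its hostnames are constructed for illustration.

```python
import re

# RFC 821 section 4.5.3 size limits, in characters.
MAX_COMMAND_LINE = 512   # whole command line, including the command word and <CRLF>
MAX_PATH = 256           # reverse-path or forward-path, including punctuation
KB_THRESHOLD = 1024      # "Over 1k" address size from the title of KB Q169174

# The three commands the description lists as affected.
COMMAND_RE = re.compile(rb"^(HELO|MAIL FROM:|RCPT TO:)\s*(.*)$", re.IGNORECASE)


def audit_smtp_lines(lines):
    """Return (line number, command, argument length, reasons) for oversized commands."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip(b"\r\n")
        match = COMMAND_RE.match(line)
        if not match:
            continue  # not one of the affected commands
        verb = match.group(1).upper().rstrip(b":").decode("ascii")
        arg = match.group(2)
        reasons = []
        if len(line) + 2 > MAX_COMMAND_LINE:      # +2 accounts for <CRLF>
            reasons.append("command line > 512")
        if verb != "HELO" and len(arg) > MAX_PATH:
            reasons.append("path > 256")
        if len(arg) > KB_THRESHOLD:
            reasons.append("argument > 1k")
        if reasons:
            findings.append((number, verb, len(arg), reasons))
    return findings


# Constructed sample session (not taken from a real server log).
SAMPLE = [
    b"HELO mail.example.org\r\n",
    b"MAIL FROM:<alice@example.org>\r\n",
    b"RCPT TO:<" + b"a" * 300 + b"@example.org>\r\n",
    b"RCPT TO:<" + b"a" * 1100 + b"@example.org>\r\n",
    b"DATA\r\n",
]

if __name__ == "__main__":
    for number, verb, size, reasons in audit_smtp_lines(SAMPLE):
        print(f"line {number}: {verb} argument of {size} bytes ({', '.join(reasons)})")
```

The same limits can be enforced at an SMTP gateway in front of an unpatched server, so that oversized commands are rejected before they reach Exchange.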

Remedy:

Upgrade to Microsoft Exchange 5.5.

—OR—

Microsoft Exchange 5.0 users must apply Microsoft Exchange Service Pack 1 (SP1) available at http://support.microsoft.com/support/downloads/LNP489.asp.

References:

Microsoft Knowledge Base Article Q169174, XFOR: IMS Halts if RFC821 Address Over 1k in Size is Received, http://support.microsoft.com/support/kb/articles/q169/1/74.asp

Microsoft Personal Support Center, Support Downloads for Exchange Server, http://support.microsoft.com/support/downloads/LNP489.asp

