The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows…
microsoft·CWE-476·Published 2007-05-08
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
La funcionalidad Exchange Collaboration Data Objects (EXCDO) en Microsoft Exchange Server 2000 SP3, 2003 SP1 y SP2 y 2007, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo Internet Calendar (iCal) que contiene varios propiedades X-MICROSOFT-CDO-MODPROPS (MODPROPS) en las que el segundo MODPROPS es más largo que el primero, lo que desencadena una desreferencia del puntero NULL y una excepción no manejada.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 7.8 | 10.0 | 6.9 | AV:N/AC:L/Au:N/C:N/I:N/A:C |