Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote malicious users to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft exchange server 2000 |
||
microsoft exchange server 2003 |