Published: 02/05/2005 Updated: 09/04/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote malicious users to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft exchange server 2000
microsoft exchange server 2003

#!/bin/perl # # # MS05-021 Exchange X-LINK2STATE Heap Overflow # Author: Evgeny Pinchuk # For educational purposes only # # Tested on: # Windows 2000 Server SP4 EN # Microsoft Exchange 2000 SP3 # # Thanks and greets: # Halvar Flake (thx for the right directions) # Alex Behar, Yuri Gushin, Ishay Sommer, Ziv Gadot and Dave Hawkins # # use IO::S ...

CWE-787 http://secunia.com/advisories/14920/http://www.osvdb.org/displayvuln.php?osvdb_id=15467 http://xforce.iss.net/xforce/alerts/id/193 http://www.us-cert.gov/cas/techalerts/TA05-102A.html http://www.kb.cert.org/vuls/id/275193 http://marc.info/?l=bugtraq&m=111393947713420&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4032 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-021 https://nvd.nist.gov https://www.exploit-db.com/exploits/947/https://www.kb.cert.org/vuls/id/275193

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-0560

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect