The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
Score CVSS v2.0
10.0
/ 10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Informations
- Publié
- 3 nov. 2004
- Mis à jour
- 16 avr. 2026
- Statut
- Modified
- Source
- cve@mitre.org
Produits affectés
microsoft exchange server
Versions : 2003
microsoft windows server 2003
Versions : r2
microsoft windows xp
Faiblesses (CWE)
CWE-20
Références (16)
- http://www.kb.cert.org/vuls/id/394792PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/11374Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17621Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17660Third Party AdvisoryVDB Entry
- http://www.kb.cert.org/vuls/id/394792PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/11374Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17621Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17660Third Party AdvisoryVDB Entry
- + 1 autres références sur NVD
CVEs similaires
Autres vulnérabilités de type CWE-20
Loading…
Surveillez vos produits
Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.