The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
CVSS v2.0 Score
10.0
/ 10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Information
- Published
- 3 nov. 2004
- Updated
- 16 avr. 2026
- Status
- Modified
- Source
- cve@mitre.org
Affected products
microsoft exchange server
Versions : 2003
microsoft windows server 2003
Versions : r2
microsoft windows xp
Weaknesses (CWE)
CWE-20
References (16)
- http://www.kb.cert.org/vuls/id/394792PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/11374Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17621Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17660Third Party AdvisoryVDB Entry
- http://www.kb.cert.org/vuls/id/394792PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/11374Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17621Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17660Third Party AdvisoryVDB Entry
- + 1 more references on NVD
Similar CVEs
Other vulnerabilities of type CWE-20
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.