To support the exchange of mail with heterogeneous systems, Exchange messages use the attributes of SMTP mail messages that are specified by RFC's 821 and 822. There is a flaw in the way Exchange 2000 handles certain malformed RFC message attributes on received mail. Upon receiving a message containing such a malformation, the flaw causes the Store service to consume 100% of the available CPU in processing the message.
A security vulnerability results because it is possible for an attacker to seek to exploit this flaw and mount a denial of service attack. An attacker could attempt to levy an attack by connecting directly to the Exchange server and passing a raw, hand-crafted mail message with a specially malformed attribute. When the message was received and processed by the Store service, the CPU would spike to 100%. The effects of the attack would last as long as it took for the Exchange Store service to process the message. Neither restarting the service nor rebooting the server would remedy the denial of service.
Microsoft Exchange 2000 SP2
Like it? Share with your friends!
Other Windows Software of Developer «Microsoft»:
Windows 2000 Multiple UNC Provider Vulnerability Patch This update resolves the ""Unchecked buffer in the Multiple UNC Provider"" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS02-017. Download it now to prevent a malicious user from exploiting a buffer overflow vulne
.NET Compact Framework Sample: Receiving SMS Messages Demonstrates how to receive SMS messages in a managed application without the SMS message appearing in the inbox and without showing a bubble notification when the SMS message arrives. The sample code will run on a Pocket PC 2003 Phone Edition device. With
Windows Mobile Standard Emulator Images Windows Mobile Standard Emulator Images add emulator images to Visual Studio 2005 or Visual Studio 2008 that let you test applications for Windows Mobile 6.1.4, including Internet Explorer Mobile 6. The emulator images can also be used as standalone withou
Microsoft Windows Vista Home Basic Windows Vista Home Basic supports basic computing needs, such as e-mail, browsing the Internet, and viewing photos. With this edition you'll be able to find what you're looking for on your PC and the Internet quickly and you'll get automatic security featu
Microsoft Office Live Meeting Service Portal (64 Bit) Microsoft Office Live Meeting Service Portal (64 Bit) makes it easier to deploy and manage Live Meeting. If your company has deployed Microsoft Active Directory services, you can use the Live Meeting Service Portal to automatically create Live Meeting acco
Microsoft Windows 2000 Patch: Web Client NTLM Authentication This update resolves the "Web Client NTLM Authentication" security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001. Download now to ensure that your Web Extender Client (WEC) components are set to the
Office 2003 Add-in: Project Report Presentation The Project Report Presentation Add-in for Microsoft Office Project 2003 helps a user to quickly and easily create a Microsoft Office PowerPoint presentation containing user-selected task information from Microsoft Office Project. The Project Report Presen
Developer Support OLE File Property Sample (DSOFILE) Code sample download of a COM component which can be used from scripting languages to read the OLE document properties of Microsoft Office files using the OLE IPropertyStorage interface. The Microsoft Developer Support OLE File Property Reader 2.1 Sample d
AES Password Manager AES Password Manager is a full-featured application for securely storing and managing sensitive data such as Web site passwords, credit card numbers, PIN-codes and other. AES Passwords Manager provides a secure database with privilege management support th
Forensic Scan Viesoft Forensic Scan is an Index.DAT scanner and Driectory Profiler used to create HTML reports. Reports can be stored under a case file name and can also be encrypted using the user's set password.Requirements:Windows 98/Me/2000/XP, MDAC 2.7, Microsoft .
Keylogger Hunter Utility for blocking the activity of keyboard monitoring programs presumably running on your PC. Use of Keylogger Hunter allows you to be less dependent on freshness and completeness of the antivirus database, which can possibly contain no information abou
JScript 5.6 Security Patch for Windows 2000 and XP A flaw exists in the way the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a Web page that when visited by the user would execute code of the attacker's choice with user privileges. The
Video2EXE - Video to EXE Convert your video files to exe,protect your video,nobody can edit it;
Support various types of video or audio files (e.g., wmv, avi, asf, mpg, rm, rmvb, mp4, flv, and vob) ;
avi2exe,wmv2exe,rmvb2exe,mpg2exe,rm2exe,asf2exe,mp3 to exe,wma2exe ;
imlSoft Folder Guard Professional It is s a power file encryption software program that can quickly and safely lock and hide files, folder,and drives,and it can use 256-bit AES encryption (Encryption Standard Adopted by the US Government) to protect your files located on HDD drive or any p
SecExMail Secure Email Encryption This e-mail encryption software uses RSA public key encryption and Twofish block cipher; SecExMail features PGP style e-mail keys, but without the dependence on e-mail-software-specific plug-ins. The software runs unobtrusively as a relay agent in the syst
CryptoSticky CryptoSticky can keep memo information secret via encryption, and it can encrypt the clipboard, to interact with virtually any application. It is an easy to use memo application, a computerized version of the yellow paper stickies. Designed to help you or
Snare Micro Server The Snare Micro Server is a program that provides a central collection facility for a variety of log sources, including Snare Agents for Windows, Solaris, AIX, Irix, ISA Server, IIS Server, Lotus Notes (and others), plus any device capable of sending data
SiFEU From the developer: "SiFEU is a program that in an easy way lets you encrypt files with very strong encryption. This release of SiFEU uses the Blowfish algorithm for file encryption and SHA1 for calculating the hash sum of the password. SiFEU integrates wi
Supported Operating Systems:
Windows 2000 |
Comments on Microsoft Exchange 2000 Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources:
Comments not found
Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10