7.8

CVE-2007-0039

The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExchange Server Version2000 Updatesp3
MicrosoftExchange Server Version2003 Updatesp1
MicrosoftExchange Server Version2003 Updatesp2
MicrosoftExchange Server Version2007 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 44.57% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.securityfocus.com/archive/1/468871/100/200/threaded
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
Third Party Advisory
US Government Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/25183
Third Party Advisory
http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html
Broken Link
http://www.osvdb.org/34390
Broken Link
http://www.securityfocus.com/archive/1/468047/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/23808
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018015
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/1711
Permissions Required
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33888
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1593
Third Party Advisory