7.8

CVE-2007-0039

The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExchange Server Version2000 Updatesp3
MicrosoftExchange Server Version2003 Updatesp1
MicrosoftExchange Server Version2003 Updatesp2
MicrosoftExchange Server Version2007 Update-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 41.55% 0.973
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.us-cert.gov/cas/techalerts/TA07-128A.html
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/23808
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018015
Third Party Advisory
VDB Entry