10
CVE-2007-0213
- EPSS 66.16%
- Veröffentlicht 08.05.2007 23:19:00
- Zuletzt bearbeitet 16.06.2026 22:35:07
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Exchange Server Version2000 Updatesp3
Microsoft ≫ Exchange Server Version2003 Updatesp1
Microsoft ≫ Exchange Server Version2003 Updatesp2
Microsoft ≫ Exchange Server Version2007 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 66.16% | 0.992 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
http://secunia.com/advisories/25183
http://www.securitytracker.com/id?1018015
http://www.vupen.com/english/advisories/2007/1711
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
http://packetstormsecurity.com/files/153533/Microsoft-Exchange-2003-base64-MIME-Remote-Code-Execution.html
http://www.kb.cert.org/vuls/id/343145
http://www.osvdb.org/34391
http://www.securityfocus.com/bid/23809
https://exchange.xforce.ibmcloud.com/vulnerabilities/33889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1890