漏洞信息详情
Microsoft Exchange Base64 MIME消息远程代码执行漏洞
- CNNVD编号:CNNVD-200705-127
- 危害等级: 高危
- CVE编号: CVE-2007-0213
- 漏洞类型: 输入验证错误
- 发布时间: 2007-05-08
- 威胁类型: 远程
- 更新时间: 2020-04-10
- 厂 商: microsoft
- 漏洞来源: Charles Truscott,M...
漏洞简介
Microsoft Exchange Server是一款企业级的邮件服务程序。
Microsoft Exchange Server处理特定的畸形编码数据时存在漏洞,远程攻击者可能利用此漏洞控制服务器。
Microsoft Exchange没有正确地解码base64编码的内容,如果用户向服务器发送了特制的base64编码的MIME邮件消息的话,就可能导致执行任意指令。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
临时解决方法:
* 对于所有客户端和邮件传输协议,要求对到运行Microsoft Exchange Server的服务器的连接进行认证。
厂商补丁:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS07-026)以及相应补丁:
MS07-026:Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
链接:
http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx?pf=true
参考网址
来源:MS
链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
来源:HP
链接:http://www.securityfocus.com/archive/1/468871/100/200/threaded
来源:MISC
链接:https://packetstormsecurity.com/files/153533/Microsoft-Exchange-2003-base64-MIME-Remote-Code-Execution.HTML
来源:OSVDB
链接:http://www.osvdb.org/34391
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/33889
来源:www.kb.cert.org
链接:http://www.kb.cert.org/vuls/id/343145
来源:www.microsoft.com
链接:http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx
来源:support.avaya.com
链接:http://support.avaya.com/elmodocs2/security/ASA-2007-191.htm
来源:products.office.com
链接:https://products.office.com/en-US/exchange/
来源:CERT
链接:http://www.us-cert.gov/cas/techalerts/TA07-128A.HTML
来源:BID
链接:https://www.securityfocus.com/bid/23809
来源:SECTRACK
链接:http://www.securitytracker.com/id?1018015
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2007/1711
来源:SECUNIA
链接:http://secunia.com/advisories/25183
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1890
来源:www.exploit-db.com
链接:https://www.exploit-db.com/exploits/47076
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/153533/Microsoft-Exchange-2003-base64-MIME-Remote-Code-Execution.HTML
来源:www.securityfocus.com
链接:https://www.securityfocus.com/bid/23809
受影响实体
- Microsoft Exchange_server:2003:Sp1
- Microsoft Exchange_server:2003:Sp2
- Microsoft Exchange_server:2007
- Microsoft Exchange_server:2000:Sp3
补丁
暂无
评论