Microsoft Exchange Server does not properly handle the vCal and iCal properties of email messages. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on an Exchange Server.
Microsoft Exchange Server
Microsoft's Exchange Server supports a number of protocols for handling email, including the Simple Mail Transfer Protocol (SMTP) and SMTP extended verbs as defined by RFC 2821.
A remote, unauthenticated attacker may be able execute arbitrary code on a vulnerable system.
Apply an update
Microsoft has addressed this issue in Microsoft Security Bulletin MS06-019.
Refer to Microsoft Security Bulletin MS06-019 for workarounds for this issue.
This vulnerability was reported in Microsoft Security Bulletin MS06-019
This document was written by Jeff Gennari based on information provided by Microsoft.
|Date First Published:||2006-05-09|
|Date Last Updated:||2006-06-22 16:22 UTC|