A buffer overflow in Microsoft Collaboration Data Objects may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Collaboration Data Objects (CDO) is a scripting library used to develop applications that handle email. Note that CDO is commonly associated with cdosys.dll and codex.dll. An input validation error in CDO may allow a buffer overflow to occur in applications or components that use CDO. If a remote, unauthenticated attacker supplies an application or component that uses CDO with a specially crafted message, that attacker may be able to trigger the buffer overflow and, consequently, execute arbitrary code.
For more information, including a list of affected software, please see MS05-048. Please note that exploit code for this vulnerability is publicly available.
If a remote attacker supplies an application that uses CDO with a specially crafted message, that attacker may be able execute arbitrary code on a vulnerable system.
Apply an update
Microsoft has addressed this issue in Microsoft Security Bulletin MS05-048.
Disable event sinks on Exchange 2000 Server and on servers that are running IIS
This vulnerability was reported in Microsoft Security Bulletin MS05-048. Microsoft credits Gary O’leary-Steele of Sec-1 with reporting this issue.
This document was written by Jeff Gennari.
|Date First Published:||2005-10-11|
|Date Last Updated:||2005-10-14 17:29 UTC|