Version: 2008

Microsoft Security Bulletin MS02-037 Q326322

  • Quick specs
  • Price: Update
  • Operating system: Windows 2000/NT
  • Date added: July 24, 2002
  • Total Downloads: 9
  • Downloads last week: 1

Publisher's description

From Microsoft:

The Internet Mail Connector (IMC) enables Microsoft Exchange Server to communicate with other mail servers via SMTP. When the IMC receives an SMTP extended Hello (EHLO) protocol command from a connecting SMTP server, it responds by sending a status reply that starts with the following:

250-<Exchange server ID> Hello <Connecting server ID>

Where:

  • <Exchange server ID> is the fully-qualified domain name (FQDN) of the Exchange server
  • <Connecting server ID> is either the FQDN or the IP address of the server that initiated the connection. The FQDN would be used if the Exchange 5.5 IMC is able to resolve this information through a reverse DNS lookup; the IP address would be used if a reverse DNS lookup was not possible or failed to resolve the connecting server's IP address.

A security vulnerability results because of an unchecked buffer in the IMC code that generates the response to the EHLO protocol command. If the total length of the message exceeds a particular value, the data would overrun the buffer. If the buffer were overrun with random data, it would result in the failure of the IMC. If, however, the buffer were overrun with carefully chosen data, it could be possible for the attacker to run code in the security context of the IMC, which runs as the Exchange 5.5 Service Account.

It is important to note that the attacker could not simply send data to the IMC in order to overrun the buffer. Instead, the attacker would need to create a set of conditions that would cause the IMC to overrun its own buffer when it generated the EHLO response. Specifically, the attacker would need to ensure that a reverse DNS lookup would not only succeed, but would provide an FQDN whose length was sufficient to result in the buffer overrun.
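The class of flaw described above, as an added C example that is not Microsoft's code: an EHLO reply formatted into a fixed buffer without a length check, next to a bounded version that treats the reverse-DNS name as untrusted input. The function names, the 512-byte buffer size, the fallback to the IP address for oversized names, and the sample host names are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 512     /* assumed size; the bulletin states no figure */
#define DNS_NAME_MAX 253  /* longest valid DNS name in text form */

/* Unchecked pattern described above, shown for contrast and never called:
 * the peer name's length is not compared with the buffer size. */
void ehlo_reply_unchecked(char *out, const char *self, const char *peer)
{
    sprintf(out, "250-%s Hello %s\r\n", self, peer);
}

/* Bounded form. peer_fqdn is the reverse-DNS result (NULL when the lookup
 * failed), peer_ip the address of the connection. Returns the reply length,
 * or -1 when the reply does not fit in cap bytes. */
int ehlo_reply_checked(char *out, size_t cap, const char *self,
                       const char *peer_fqdn, const char *peer_ip)
{
    const char *peer = peer_fqdn;
    /* A PTR answer is remote-controlled input: use the IP if it is
     * missing, empty, or longer than any valid DNS name. */
    if (peer == NULL || peer[0] == '\0' || strlen(peer) > DNS_NAME_MAX)
        peer = peer_ip;
    int n = snprintf(out, cap, "250-%s Hello %s\r\n", self, peer);
    if (n < 0 || (size_t)n >= cap) {   /* truncated: refuse, do not send */
        if (cap > 0) out[0] = '\0';
        return -1;
    }
    return n;
}

/* Constructed input: a 400-character name standing in for an oversized PTR
 * result. Returns 1 if the reply fell back to the IP literal. */
int demo_oversized_ptr(void)
{
    char name[401], reply[REPLY_MAX];
    memset(name, 'a', 400);
    name[400] = '\0';
    int n = ehlo_reply_checked(reply, sizeof reply, "mail.example.com",
                               name, "192.0.2.10");
    return n > 0 && strcmp(reply, "250-mail.example.com Hello 192.0.2.10\r\n") == 0;
}

int main(void)
{
    printf("oversized PTR handled: %d\n", demo_oversized_ptr());
    return 0;
}
```

The bound on the formatted length is what closes the overrun; the name-length check only decides which identifier goes into the reply.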
