CVE-2007-0213

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions 2000 SP3, 2003 SP1 and SP2, and 2007

Description A remote code execution issue exists due to improper decoding of certain MIME encoded e-mails, allowing attackers to execute arbitrary code via crafted base64-encoded MIME e-mail messages. This is caused by the way Microsoft Exchange Server decodes specially crafted e-mail messages. An attacker could exploit this by sending a specially crafted e-mail to a Microsoft Exchange Server user account, potentially taking complete control of an affected system.

Recommendations For Microsoft Exchange Server versions 2000 SP3, 2003 SP1 and SP2, and 2007, consider restricting the handling of base64-encoded MIME e-mail messages until a proper fix is applied. As a temporary workaround, consider disabling the decoding of specially crafted e-mail messages to minimize the risk of exploitation.