Ben Layer

**Name of the Vulnerable Software and Affected Versions** Exchange Server versions 2000 through 2003 **Description** A heap-based buffer overflow issue exists in the SvrAppendReceivedChunk function in xlsasink.dll, which is part of the SMTP service. This allows remote attackers to execute arbitrary code by sending a crafted X-LINK2STATE extended verb request to the SMTP port. **Recommendations** For Exchange Server versions 2000 through 2003, consider restricting access to the SMTP port until a fix is available. As a temporary workaround, disabling the xlsasink.dll module may help minimize the risk of exploitation.