
Joseph W Pruszynski

#22579 of 53,633
10 Total CVSS
Vulnerabilities · 1
PT-2007-1695
10
2007-05-08
Microsoft · Exchange Server · CVE-2007-0213
**Name of the Vulnerable Software and Affected Versions**

Microsoft Exchange Server versions 2000 SP3, 2003 SP1 and SP2, and 2007

**Description**

A remote code execution issue exists due to improper decoding of certain MIME encoded e-mails, allowing attackers to execute arbitrary code via crafted base64-encoded MIME e-mail messages. This is caused by the way Microsoft Exchange Server decodes specially crafted e-mail messages. An attacker could exploit this by sending a specially crafted e-mail to a Microsoft Exchange Server user account, potentially taking complete control of an affected system.

**Recommendations**

For Microsoft Exchange Server versions 2000 SP3, 2003 SP1 and SP2, and 2007, consider restricting the handling of base64-encoded MIME e-mail messages until a proper fix is applied. As a temporary workaround, consider disabling the decoding of specially crafted e-mail messages to minimize the risk of exploitation.