PT-2004-1902 · Microsoft · Windows Server 2003 64-Bit Edition+3
Published: 2004-10-16 · Updated: 2020-04-09
CVE-2004-0840
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Microsoft Windows XP 64-bit Edition (affected versions not specified)
Microsoft Windows Server 2003 (affected versions not specified)
Microsoft Windows Server 2003 64-bit Edition (affected versions not specified)
Microsoft Exchange Server 2003 (affected versions not specified)
Description:
The issue concerns the SMTP component of certain Microsoft products and the Exchange Routing Engine component of Exchange Server 2003. It allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
Recommendations:
For Microsoft Windows XP 64-bit Edition, update to a version that includes the fix for this issue.
For Microsoft Windows Server 2003, update to a version that includes the fix for this issue.
For Microsoft Windows Server 2003 64-bit Edition, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2003, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the SMTP component until a patch is available.
Fix
RCE
Affected Products
Exchange Server 2003
Windows Server 2003
Windows Server 2003 64-Bit Edition
Windows XP 64-Bit Edition