PT-2005-1609 · Microsoft · Exchange Server

Ben Layer +1 · Published 2005-04-13 · Updated 2025-09-22 · CVE-2005-0560

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Exchange Server versions 2000 through 2003

Description

A heap-based buffer overflow issue exists in the SvrAppendReceivedChunk function in xlsasink.dll, which is part of the SMTP service. This allows remote attackers to execute arbitrary code by sending a crafted X-LINK2STATE extended verb request to the SMTP port.

Recommendations

For Exchange Server versions 2000 through 2003, consider restricting access to the SMTP port until a fix is available. As a temporary workaround, disabling the xlsasink.dll module may help minimize the risk of exploitation.

Exploit · Fix · RCE · Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2005-0560

Affected Products

Exchange Server