CVE-2007-0039

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions 2000 SP3 through 2007

Description The issue is related to the handling of Internet Calendar (iCal) files, specifically when these files contain multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties. If the second MODPROPS is longer than the first, it can trigger a NULL pointer dereference and an unhandled exception, leading to a denial of service (crash). This can be exploited by sending an e-mail message with a specially crafted iCal file to a Microsoft Exchange Server user account, causing the mail service to stop responding.

Recommendations For Microsoft Exchange Server versions 2000 SP3 through 2007, consider restricting access to calendar content requests until a fix is available. As a temporary workaround, avoid using the X-MICROSOFT-CDO-MODPROPS properties in iCal files to minimize the risk of exploitation.