CVE-2010-3937

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2007 SP2 on the x64 platform Microsoft Exchange 2007

Description A denial of service issue exists due to the way the Microsoft Exchange store processes specially crafted RPC calls. The vulnerable code path is only accessible to authenticated users. An authenticated attacker could exploit this by sending a specially crafted network message to a computer running the Exchange service, causing the Exchange service to stop responding until manually restarted.

Recommendations For Microsoft Exchange Server 2007 SP2 on the x64 platform, consider restricting access to the RPC endpoint to minimize the risk of exploitation. For Microsoft Exchange 2007, restrict access to the vulnerable code path to prevent authenticated attackers from sending specially crafted network messages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.