Vulnerability in Exchange Server Could Allow Remote Code Execution (Bulletin MS05-021)
On April 12, 2005 Microsoft released its latest batch of security bulletins. Included in this batch, nine bulletins in all, is one critical bulletin concerning Microsoft Exchange. This critical update fixes a program flaw in the Simple Mail Transfer Protocol (SMTP) service that can allow a remote attacker to execute remote code on the target system.
An attacker can send a specially crafted X-Link2State message, which is an Exchange email routing command, to overflow a buffer and execute arbitrary code. Exchange 2000 has been rated at a higher level of criticality because unlike Exchange 2003, it does not require an authenticated session before accepting the X-Link2State message. The SMTP service is a public service (available to all computers on the internet) and is responsible for handling all incoming and outgoing email for an organization. This vulnerability could be exploited by an internet worm to damage the email system, but it will most likely be used by spammers in attempt to send spam although the Exchange server. Safe Systems recommends the patch be installed immediately.