Intrusion Prevention

MS.CDO.Remote.Code.Execution

Description

This indicates an attack attempt against a buffer overflow vulnerability in Collaboration Data Objects (CDO), which is used in Microsoft Exchange Server.
The vulnerability is caused by an error when CDOSYS or CDOEX processes an e-mail message with a large header name, such as one using the "Content-Type" string. It allows a remote attacker to execute arbitrary code by sending a crafted SMTP request.
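
As an added illustration (not the signature's own logic and not code from Microsoft's advisory), the following mail-gateway style check flags oversized header field names of the kind described above. The 64-octet name threshold, the function name and both sample messages are assumptions constructed for this example.

```python
import re

MAX_NAME_LEN = 64    # assumed policy threshold, not a value from the advisory
MAX_LINE_LEN = 998   # RFC 5322 limit on a line, excluding CRLF

# RFC 5322 field name: printable US-ASCII except ':', then optional WSP, then ':'
FIELD_NAME = re.compile(rb"^([\x21-\x39\x3b-\x7e]+)[ \t]*:")


def audit_headers(raw: bytes):
    """Return (line_no, reason) findings for the header block of a raw message."""
    # Only the header block is inspected: everything before the first blank line.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    findings = []
    for no, line in enumerate(re.split(rb"\r?\n", head), start=1):
        if not line:
            continue
        if len(line) > MAX_LINE_LEN:
            findings.append((no, "line exceeds 998 octets"))
        if line[:1] in (b" ", b"\t"):
            continue  # folded continuation of the previous field body
        m = FIELD_NAME.match(line)
        if m is None:
            findings.append((no, "no valid field name"))
        elif len(m.group(1)) > MAX_NAME_LEN:
            findings.append((no, f"field name is {len(m.group(1))} octets"))
    return findings


# Constructed sample: well-formed headers, folded Content-Type, long body line.
CLEAN = (b"From: a@example.com\r\n"
         b"Content-Type: text/plain;\r\n"
         b" charset=us-ascii\r\n"
         b"Subject: hi\r\n\r\n" + b"X" * 2000)

# Constructed sample: one header whose field name is 507 octets long.
OVERLONG = (b"From: a@example.com\r\n"
            b"X-Test-" + b"A" * 500 + b": text/plain\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for label, msg in (("clean", CLEAN), ("overlong", OVERLONG)):
        print(label, audit_headers(msg))
```

A check like this only quarantines or logs suspicious messages in front of the mail server; the fix for the vulnerability itself remains the vendor update.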

Affected Products

Microsoft Exchange Server 2000 - Microsoft Exchange Server 2000 SP3
Microsoft IIS 5.0 - Microsoft IIS 6.0
Microsoft Windows 2000 (all versions)
Microsoft Windows 2003 (all versions)
Microsoft Windows XP (all versions)

Impact

System compromise

Recommended Actions

Microsoft has released a critical update to fix this vulnerability. Please apply MS05-048 to all vulnerable systems.

CVE References

CVE-2005-1987