Vulnerabilities > CVE-2007-0039 - Null Pointer Dereference vulnerability in Microsoft Exchange Server 2000/2003/2007
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS07-026.NASL |
| description | The remote host is running a version of exchange that is vulnerable to a bug in the iCal attachment and MIME decoding routines, as well as in the IMAP literal processing and in OWA. These vulnerabilities could allow an attacker execute arbitrary code on the remote host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25165 |
| published | 2007-05-08 |
| reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25165 |
| title | MS07-026: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (931832) |
Oval
| accepted | 2008-05-05T04:00:11.538-04:00 | ||||||||||||||||
| class | vulnerability | ||||||||||||||||
| contributors |
| ||||||||||||||||
| definition_extensions |
| ||||||||||||||||
| description | The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. | ||||||||||||||||
| family | windows | ||||||||||||||||
| id | oval:org.mitre.oval:def:1593 | ||||||||||||||||
| status | accepted | ||||||||||||||||
| submitted | 2007-05-09T10:04:48 | ||||||||||||||||
| title | Malformed iCal Vulnerability | ||||||||||||||||
| version | 7 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html
- http://secunia.com/advisories/25183
- http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html
- http://www.osvdb.org/34390
- http://www.securityfocus.com/archive/1/468047/100/0/threaded
- http://www.securityfocus.com/archive/1/468871/100/200/threaded
- http://www.securityfocus.com/bid/23808
- http://www.securitytracker.com/id?1018015
- http://www.us-cert.gov/cas/techalerts/TA07-128A.html
- http://www.vupen.com/english/advisories/2007/1711
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33888
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1593