CVE-2003-0714

The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.

Published: Nov 17, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0714
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2000-sp1	2000-sp1.x
microsoft / exchange_server	2000-sp2	2000-sp2.x
microsoft / exchange_server	5.5-sp1	5.5-sp1.x
microsoft / exchange_server	5.5-sp4	5.5-sp4.x
microsoft / exchange_server	5.5-sp2	5.5-sp2.x
microsoft / exchange_server	2000-sp3	2000-sp3.x
microsoft / exchange_server	5.5-sp3	5.5-sp3.x
microsoft / exchange_server	5.5	5.5.x
microsoft / exchange_server	2000	2000.x

http://marc.info/?l=bugtraq&m=106682909006586&w=2
http://www.cert.org/advisories/CA-2003-27.html
http://www.kb.cert.org/vuls/id/422156
http://www.securityfocus.com/bid/8838
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-046

Vulnerability Database

289,599

CVE-2003-0714