Microsoft Exchange MIME base64 code execution (Email_Exchange_Mime_Decoding)

About this signature or vulnerability

RealSecure Desktop, Proventia Network IPS, Proventia Desktop, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:

This signature detects malformed MIME base64-encoded data in e-mail traffic that could lead to remote code execution on vulnerable versions of Microsoft Exchange Server. Microsoft patched the vulnerability in May 2007 (see Microsoft Security Bulletin MS07-026, CVE-2007-0213), so mail servers updated on or after that date should not be vulnerable to the attacks this signature detects.

False positives

Proventia Network IPS, Proventia Desktop, RealSecure Server Sensor, RealSecure Network, IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology: This signature can fire on validly formatted e-mail messages, particularly exceptionally long messages as produced by certain mail clients. Before escalating an event, confirm that the destination is an Exchange server at an affected version (see Systems affected) and that the base64 content is actually malformed rather than merely large.
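To make concrete what the signature description means by malformed MIME base64 data, and why the false-positive note about long messages matters, here is an added example. It is not IBM ISS or Microsoft code and not the signature's actual detection logic: a strict RFC 2045 base64 checker run over two constructed e-mail messages (the sender, recipient and the payload.bin attachment are all made up for this example). It flags the generic malformation classes (non-alphabet characters, padding in the middle of the data, encoded length that is not a multiple of four, lines over 76 characters) while passing a long but well-formed attachment, and it contrasts a lenient decoder that silently drops bad characters with a validating one. It makes no claim about which malformation the Exchange decoder mishandled.

```python
"""Strict RFC 2045 base64 checks over the base64-encoded parts of a MIME message.

Added example for this page, not IBM ISS or Microsoft code and not the
signature's actual detection logic. The messages and the payload.bin
attachment below are constructed; the checks cover the generic malformation
classes and make no claim about which one the Exchange decoder mishandled.
"""
import base64
import binascii
import re
from email import message_from_string
from typing import Dict, List, Optional

MAX_LINE_LEN = 76  # RFC 2045 section 6.8: encoded lines are at most 76 characters
# Only A-Z a-z 0-9 + / are data; '=' is legal solely as one or two trailing pads
_B64_STRICT = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")


def check_base64_body(body: str) -> List[str]:
    """Return findings for one base64 body; an empty list means well-formed."""
    findings = []
    for lineno, line in enumerate(body.splitlines(), start=1):
        if len(line) > MAX_LINE_LEN:
            findings.append(f"line {lineno}: {len(line)} chars exceeds {MAX_LINE_LEN}")
    data = re.sub(r"\s+", "", body)  # line breaks are framing, not data
    if not _B64_STRICT.match(data):
        findings.append("non-alphabet characters or padding in the middle of the data")
    if len(data) % 4:
        findings.append(f"encoded length {len(data)} is not a multiple of 4")
    return findings


def scan_message(raw: str) -> Dict[str, List[str]]:
    """Run check_base64_body over every leaf part declared as base64."""
    results = {}
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if cte != "base64":
            continue
        label = part.get_filename() or part.get_content_type()
        results[label] = check_base64_body(part.get_payload(decode=False))
    return results


def decode_modes(data: str) -> Dict[str, Optional[int]]:
    """Decode the same text leniently and strictly; None marks a rejection.

    Python's default b64decode silently drops non-alphabet characters, the
    kind of forgiveness that lets malformed input reach decoder code paths;
    validate=True rejects it outright, which is what a hardened decoder wants.
    """
    out = {}
    for mode, kwargs in (("lenient", {}), ("strict", {"validate": True})):
        try:
            out[mode] = len(base64.b64decode(data, **kwargs))
        except binascii.Error:
            out[mode] = None
    return out


def build_message(encoded_body: str) -> str:
    """Wrap an encoded body in a constructed two-part MIME message."""
    return (
        "From: sender@example.invalid\n"
        "To: recipient@example.invalid\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "\n"
        "--b1\n"
        "Content-Type: text/plain\n"
        "\n"
        "See attachment.\n"
        "--b1\n"
        'Content-Type: application/octet-stream; name="payload.bin"\n'
        "Content-Transfer-Encoding: base64\n"
        'Content-Disposition: attachment; filename="payload.bin"\n'
        "\n"
        + encoded_body
        + "--b1--\n"
    )


# A long but perfectly valid attachment: 2 KiB encoded as 36 lines of 76/72 chars
_PAYLOAD = bytes(range(256)) * 8
CLEAN_B64 = base64.encodebytes(_PAYLOAD).decode("ascii")

# The same attachment with every malformation class injected, line lengths kept
_lines = CLEAN_B64.splitlines()
MALFORMED_B64 = "\n".join(
    [_lines[0] + _lines[1]]                                  # 152-char line
    + [_lines[2][:30] + "@@!!" + _lines[2][34:]]             # non-alphabet bytes
    + [_lines[3][:40] + "==" + _lines[3][42:]]               # padding mid-stream
    + _lines[4:-1]
    + [_lines[-1][:-1]]                                      # length no longer % 4 == 0
) + "\n"

if __name__ == "__main__":
    for name, body in (("clean", CLEAN_B64), ("malformed", MALFORMED_B64)):
        print(name, scan_message(build_message(body)))
    print(decode_modes("aGVsbG8="), decode_modes("aGVs@bG8="))
```

The clean message produces no findings even though its attachment spans dozens of base64 lines, which is the distinction the false-positive note asks you to make: length alone is not malformation. The decode_modes comparison is the check to apply to any decoder in your own mail-handling code; if it returns bytes for input the strict path rejects, it is accepting data the specification does not allow.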

Default risk level

High

Sensors that have this signature

RealSecure Desktop: eqh, Proventia Network IPS: XPU 27.010, Proventia Desktop: 2020, RealSecure Server Sensor: XPU 27.010, RealSecure Network: XPU 27.010, BlackICE Server Protection: 3.6.cqh, BlackICE PC Protection: 3.6cqh, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.2020, Proventia Network MFS: XPU 27.010, Proventia-G 1.1 and earlier: XPU 27.010, Proventia Network IDS: XPU 27.010, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 27.010

Systems affected

Microsoft Exchange Server: 2003 SP1, Microsoft Exchange Server: 2000 SP3, Microsoft Exchange Server: 2003 SP2, Microsoft Windows Vista, Microsoft Exchange Server: 2007

Type

Unauthorized Access Attempt

Vulnerability description

Microsoft Exchange Server could allow a remote attacker to execute arbitrary code on the system, caused by improper decoding of MIME base64-encoded content (CVE-2007-0213). An attacker could exploit this vulnerability by sending a specially crafted e-mail message to a user account hosted on the server. Because the flawed decoding is performed by Exchange itself as it processes the message, exploitation does not depend on the recipient opening the mail, and the attacker's code would run in the context of the Exchange server rather than the recipient's mail client.

How to remove this vulnerability

Apply the appropriate update for your Exchange version, as listed in the latest Microsoft Security Bulletin covering this vulnerability. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. Note that the original bulletin issued by Microsoft (MS07-026) has since been superseded; the later Exchange bulletins listed under References replace it, so install the current update for your Exchange version rather than the original May 2007 package.

References

Microsoft Security Bulletin MS07-026
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx

IBM Internet Security Systems Protection Alert, May 8, 2007
Microsoft Exchange MIME base64 code execution
http://www.iss.net/threats/262.html

Microsoft Security Bulletin MS08-039
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx

NORTEL BULLETIN ID: 2008008958, Rev 1
Centrex IP Client Manager (CICM) response to Microsoft July security bulletin
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=745165

Microsoft Security Bulletin MS09-003
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
http://www.microsoft.com/technet/security/bulletin/MS09-003.mspx

ISS X-Force
Microsoft Exchange MIME base64 code execution
http://www.iss.net/security_center/static/33889.php

CVE
CVE-2007-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0213