MS07-026: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (931832)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host through the email server.

Description :

The remote host is running a version of exchange that is vulnerable
to a bug in the iCal attachment and MIME decoding routines, as well
as in the IMAP literal processing and in OWA.

These vulnerabilities could allow an attacker execute arbitrary code on the
remote host.

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS07-026

Solution :

Microsoft has released a set of patches for Exchange 2000 and 2003.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 25165 ()

Bugtraq ID: 23806
23808
23809
23810

CVE ID: CVE-2007-0220
CVE-2007-0039
CVE-2007-0213
CVE-2007-0221