MS07-026: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (931832)

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host through the email server.

Description :

The remote host is running a version of exchange that is vulnerable
to a bug in the iCal attachment and MIME decoding routines, as well
as in the IMAP literal processing and in OWA.

These vulnerabilities could allow an attacker execute arbitrary code on the
remote host.

See also :

https://technet.microsoft.com/library/security/MS07-026

Solution :

Microsoft has released a set of patches for Exchange 2000 and 2003.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 25165 ()

Bugtraq ID: 23806
23808
23809
23810

CVE ID: CVE-2007-0220
CVE-2007-0039
CVE-2007-0213
CVE-2007-0221

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial