MinorRev: Microsoft Security Bulletin MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436)

• Previous message: Derek Soeder: "EEYE: Windows Workstation Service Remote Buffer Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Tue, 11 Nov 2003 18:34:13 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Reason for Revision:
V1.2 November 11, 2003: Corrected file sizes under "Security Patch
Information" "Exchange Server 5.5 Service Pack 4". Added information
about Exchange 2000 Post-Service Pack 3 (SP3) Rollup Patch.

Microsoft Security Bulletin MS03-046:
Vulnerability in Exchange Server Could Allow Arbitrary Code Execution
(829436)

Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-046.asp

Summary:
 Version Number: V1.2
 Revision Date: 11-11-2003
 Impact of Vulnerability: Remote Code Execution
 Maximum Severity Rating: Critical
 Patch(es) Replaced: None
 Caveats: None
 CVE Number(s): CAN-2003-0714

Tested Software:
 Affected Software:
 * Microsoft Exchange Server 5.5, Service Pack 4
<http://www.ntbugtraq.com/link/A9E872EA-54B0-4179-8AE9-5648BFB46459.asp>
 * Microsoft Exchange 2000 Server, Service Pack 3
<http://www.ntbugtraq.com/link/7BAF5394-1B4E-4937-A570-9F232AE49F01.asp>

 Software Not Affected:
 * Microsoft Exchange Server 2003

This email is sent to NTBugtraq automagically as a service to my
subscribers. (v2.0)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.
----

• Previous message: Derek Soeder: "EEYE: Windows Workstation Service Remote Buffer Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Outlook Web Access loses bits ... Outlook Web Access in Exchange Server 2003 ... Installation Instructions for Service Pack 1 for Windows Small Business ... Microsoft Exchange Server 2003 Service Pack 2 Release Notes ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) [NT] Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Allow Code Execution ... Get your security news from a reliable source. ... Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange ... Microsoft Exchange Server because of the way that it decodes the Transport ... (Securiteam) RE: Catchall not working, EXTERNALLY? ... Microsoft CSS Online Newsgroup Support ... but we will start using the exchange server fully ... When I open the connection (over internet) to my exchange account, ... (microsoft.public.windows.server.sbs) RE: Exchange SP2 - no autoupdate? ... One of your SBS server has not installed Exchange server 2003 Service Pack ... You may also manually download and install it from Microsoft ... You cannot install Exchange 2003 Service Pack 2 on a Windows Small Business ... (microsoft.public.windows.server.sbs) Re: Exchange Password ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... |> course of logging on to the Exchange server. ... if the local account uses the same ... (microsoft.public.windows.server.sbs)