CVE-2007-0039 Information

Feb 14, 2021 cve

Description

The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3 2003 SP1 and SP2 and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first which triggers a NULL pointer dereference and an unhandled exception.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html http://secunia.com/advisories/25183 http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html http://www.osvdb.org/34390 http://www.securityfocus.com/archive/1/468047/100/0/threaded http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23808 http://www.securitytracker.com/id?1018015 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1711 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026 https://exchange.xforce.ibmcloud.com/vulnerabilities/33888 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1593

Share on: