The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2300 | vdb entry third party advisory signature |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5509 | vdb entry third party advisory signature |
| http://www.securityfocus.com/bid/11374 | vdb entry third party advisory |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-035 | patch vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17660 | vdb entry third party advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17621 | vdb entry third party advisory |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3460 | vdb entry third party advisory signature |
| http://www.kb.cert.org/vuls/id/394792 | us government resource third party advisory patch |