BID:12764

Microsoft Exchange Server Mail Box Sub Folder Denial Of Service Vulnerability

Info

Microsoft Exchange Server Mail Box Sub Folder Denial Of Service Vulnerability

Bugtraq ID:	12764
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Mar 09 2005 12:00AM
Updated:	Mar 09 2005 12:00AM
Credit:	The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable:	Microsoft Exchange Server 2003 SP1 Microsoft Exchange Server 2003

Not Vulnerable:

Discussion

Microsoft Exchange Server Mail Box Sub Folder Denial Of Service Vulnerability

A denial of service vulnerability affects Microsoft Exchange Server. This issue is due to the application failing to efficiently handle the manipulation of specially crafted folders.

An attacker may leverage this issue to cause the Microsoft Exchange Information Store service to stop responding, denying service to legitimate users.

Exploit / POC

Microsoft Exchange Server Mail Box Sub Folder Denial Of Service Vulnerability

No exploit is required to leverage this issue.

Solution / Fix

Microsoft Exchange Server Mail Box Sub Folder Denial Of Service Vulnerability

Solution:
The vendor has released a hotfix dealing with this issue. Please contact Microsoft Product Support Services for more information on obtaining the fix.

References

Microsoft Exchange Server Mail Box Sub Folder Denial Of Service Vulnerability

References:

Article ID:891504 - When you try to move or to remove a folder that contains... (Microsoft)