CVSS: 7.8EPSS: 36%CPEs: 4EXPL: 0CVE-2007-0039
https://notcve.org/view.php?id=CVE-2007-0039
08 May 2007 — The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. La funcionalidad Exchange Collaboration Data Objects (EXCDO) en Microsoft Exchange Server 2000... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 79%CPEs: 4EXPL: 2CVE-2007-0213 – Microsoft Exchange 2003 - base64-MIME Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-0213
08 May 2007 — Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. Microsoft Exchange Server 2000 SP3, 2003 SP1 y SP2, y 2007 no decodifica apropiadamente correos electrónicos concretos con codificación MIME, lo cual permite a atacantes remotos ejecutar código de su elección mediante un mensaje de correo electrónico manipulado con codificación base64 MI... • https://packetstorm.news/files/id/153533 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 35%CPEs: 3EXPL: 0CVE-2007-0220
https://notcve.org/view.php?id=CVE-2007-0220
08 May 2007 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Outlook Web Access (OWA) de Microsoft Exchange Server 2000 SP3, y 2003 SP1 y SP2 permite a atac... • http://secunia.com/advisories/25183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 87%CPEs: 3EXPL: 1CVE-2006-0027 – MS06-019 Exchange MODPROP Heap Overflow
https://notcve.org/view.php?id=CVE-2006-0027
09 May 2006 — Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. • https://packetstorm.news/files/id/180581 •
CVSS: 8.8EPSS: 56%CPEs: 16EXPL: 0CVE-2006-0002
https://notcve.org/view.php?id=CVE-2006-0002
10 Jan 2006 — Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. • http://secunia.com/advisories/18368 •
CVSS: 9.8EPSS: 76%CPEs: 2EXPL: 1CVE-2005-0560 – Microsoft Exchange Server - Remote Code Execution (MS05-021)
https://notcve.org/view.php?id=CVE-2005-0560
13 Apr 2005 — Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. • https://www.exploit-db.com/exploits/947 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 12%CPEs: 2EXPL: 0CVE-2005-0738
https://notcve.org/view.php?id=CVE-2005-0738
13 Mar 2005 — Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls. • http://secunia.com/advisories/14543 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 75%CPEs: 2EXPL: 3CVE-2005-0420 – Microsoft Outlook 2003 - Web Access Login Form Remote URI redirection
https://notcve.org/view.php?id=CVE-2005-0420
15 Feb 2005 — Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. Microsoft Outlook Web Access (OWA), cuando se usa con Exchange, permite a atacantes remotos redirigir usuario a URLs de inicio de sesión de su elección mediante un enlace a la aplicación owalogin.asp. • https://www.exploit-db.com/exploits/25084 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 85%CPEs: 5EXPL: 1CVE-2004-0574 – Microsoft Windows NNTP Service (XPAT) - Denial of Service (MS04-036)
https://notcve.org/view.php?id=CVE-2004-0574
16 Oct 2004 — The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. El componente de Protocolo de Transferencia de Noticias de Red (NNTP) de Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Se... • https://www.exploit-db.com/exploits/578 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 33%CPEs: 4EXPL: 0CVE-2004-0840
https://notcve.org/view.php?id=CVE-2004-0840
16 Oct 2004 — The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. El componente SMTP (Simple Mail Transfer Protocol) de Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, y el... • http://www.kb.cert.org/vuls/id/394792 • CWE-20: Improper Input Validation •