CVE-2007-0213 – Microsoft Exchange 2003 - base64-MIME Remote Code Execution

https://notcve.org/view.php?id=CVE-2007-0213

Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. Microsoft Exchange Server 2000 SP3, 2003 SP1 y SP2, y 2007 no decodifica apropiadamente correos electrónicos concretos con codificación MIME, lo cual permite a atacantes remotos ejecutar código de su elección mediante un mensaje de correo electrónico manipulado con codificación base64 MIME. • https://www.exploit-db.com/exploits/47076 http://packetstormsecurity.com/files/153533/Microsoft-Exchange-2003-base64-MIME-Remote-Code-Execution.html http://secunia.com/advisories/25183 http://www.kb.cert.org/vuls/id/343145 http://www.osvdb.org/34391 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23809 http://www.securitytracker.com/id?1018015 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english& • CWE-20: Improper Input Validation •