CVSS: 7.5EPSS: 40%CPEs: 16EXPL: 0CVE-2010-0024
https://notcve.org/view.php?id=CVE-2010-0024
14 Apr 2010 — The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." El componente SMTP en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Server 2008 Gold, SP2, y R2, y Exchange Server 2000 SP3, no valida adecuada... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 54%CPEs: 16EXPL: 0CVE-2010-0025
https://notcve.org/view.php?id=CVE-2010-0025
14 Apr 2010 — The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." El componente SMTP en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Server 2008 Gold, SP2, y R2, y Ex... • http://secunia.com/advisories/39253 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1CVE-2009-1491
https://notcve.org/view.php?id=CVE-2009-1491
05 May 2009 — McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. McAfee GroupShield para Microsoft Exchange en Exchange Server 2000, y posiblemente otros productos antivirus y antispam de McAfee y otros vendedores, no escanea ... • http://www.nmrc.org/~thegnome/blog/apr09 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 60%CPEs: 3EXPL: 0CVE-2009-0098
https://notcve.org/view.php?id=CVE-2009-0098
10 Feb 2009 — Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2 y Exchange Server 2007 SP1; no interpreta adecuadamente las propiedades de Transport Neutral Encapsulation (TNEF), esto permite a atacantes remotos ejecutar cód... • http://osvdb.org/51837 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 71%CPEs: 3EXPL: 0CVE-2009-0099
https://notcve.org/view.php?id=CVE-2009-0099
10 Feb 2009 — The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." El proveedor Electronic Messaging System Microsoft Data Base (EMSMDB32) en Microsoft Exchange 2000 Server SP3 y Exchange Server 2003 SP2, utilizado como Exchange System Attendant, permite a ... • http://osvdb.org/51838 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 36%CPEs: 4EXPL: 0CVE-2007-0039
https://notcve.org/view.php?id=CVE-2007-0039
08 May 2007 — The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. La funcionalidad Exchange Collaboration Data Objects (EXCDO) en Microsoft Exchange Server 2000... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 79%CPEs: 4EXPL: 2CVE-2007-0213 – Microsoft Exchange 2003 - base64-MIME Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-0213
08 May 2007 — Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. Microsoft Exchange Server 2000 SP3, 2003 SP1 y SP2, y 2007 no decodifica apropiadamente correos electrónicos concretos con codificación MIME, lo cual permite a atacantes remotos ejecutar código de su elección mediante un mensaje de correo electrónico manipulado con codificación base64 MI... • https://packetstorm.news/files/id/153533 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 35%CPEs: 3EXPL: 0CVE-2007-0220
https://notcve.org/view.php?id=CVE-2007-0220
08 May 2007 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Outlook Web Access (OWA) de Microsoft Exchange Server 2000 SP3, y 2003 SP1 y SP2 permite a atac... • http://secunia.com/advisories/25183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 64%CPEs: 1EXPL: 0CVE-2007-0221
https://notcve.org/view.php?id=CVE-2007-0221
08 May 2007 — Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability." Un desbordamiento de enteros en el soporte IMAP (IMAP4) en Microsoft Exchange Server 2000 SP3 permite a los atacantes remotos causar una denegación de servicio (suspensión de servicio) por medio de literales creados en un comando IMAP, también se conoce como la "IMAP Lit... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=526 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 56%CPEs: 3EXPL: 1CVE-2006-1193 – Microsoft Exchange Server 2000/2003 - Outlook Web Access Script Injection
https://notcve.org/view.php?id=CVE-2006-1193
13 Jun 2006 — Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing." • https://www.exploit-db.com/exploits/28005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •