ID CVE-2007-0039
Summary The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
Vulnerable Configurations
  • cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:2003:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:2007:-:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 09-04-2020 - 13:30)
CWE CWE-476
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2008-05-05T04:00:11.538-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Clifford Farrugia
    organization GFI Software
definition_extensions
  • comment Microsoft Exchange Server 2000 Service Pack 3 is installed
    oval oval:org.mitre.oval:def:1858
  • comment Microsoft Exchange Server 2003 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:1672
  • comment Microsoft Exchange Server 2003 Service Pack 2 is installed
    oval oval:org.mitre.oval:def:1869
  • comment Microsoft Exchange Server 2007 (no Service Pack) is installed
    oval oval:org.mitre.oval:def:1641
description The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
family windows
id oval:org.mitre.oval:def:1593
status accepted
submitted 2007-05-09T10:04:48
title Malformed iCal Vulnerability
version 7
refmap via4
bid 23808
bugtraq 20070508 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039)
cert TA07-128A
fulldisc 20070509 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039)
hp
  • HPSBST02214
  • SSRT071422
misc http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html
osvdb 34390
sectrack 1018015
secunia 25183
vupen ADV-2007-1711
xf exchange-ical-dos(33888)
Last major update 09-04-2020 - 13:30
Published 08-05-2007 - 23:19
Last modified 09-04-2020 - 13:30