Arbitrary Code Execution Vulnerability in Microsoft Windows XP, Windows Server 2003, and Exchange Server 2003

Arbitrary Code Execution Vulnerability in Microsoft Windows XP, Windows Server 2003, and Exchange Server 2003

CVE-2004-0840 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

Learn more about our Cis Benchmark Audit For Microsoft Exchange Server.