Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||Vulnerabilities in Microsoft Exchange, Vulnerabilidades en Microsoft Exchange|
It is a group of critical vulnerabilities in Exchange Server 2007/2003/2000, which allows hackers to gain remote control of the affected computer, to launch denial of service attacks and to disclose information.
|First detected on:||May 9, 2007|
|Detection updated on:||May 9, 2007|
MS07-026 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in Exchange Server 2007/2003/2000, which allows arbitrary code to be remotely executed, denial of service attacks to be launched or information to be disclosed.
The addresses vulnerabilities are:
- Outlook Web Access Script Injection vulnerability: an information disclosure vulnerability which is usually exploited by sending a specially crafted file via email and enticing users into opening it.
- Malformed iCal vulnerability: a denial of service vulnerability which is usually exploited by creating a specially crafted iCal file and sending it via email to a vulnerable computer.
- MIME Decoding vulnerability: a remote code execution vulnerability which is usually exploited by sending a specially crafted email to an Exchange Server user account.
- IMAP Literal Processing vulnerability: a denial of service vulnerability which is usually exploited by sending a specially crafted IMAP command to an Exchange Server configured as an IMAP server.
If you have Exchange Server 2007/2003/2000, it is recommended to download and apply the security patch for these vulnerabilities. Click here to access the web page for downloading the patch.