Reported February 27, 2002, by Microsoft.

VERSIONS AFFECTED

 

·         Windows XP Professional

·         Windows 2000

·         Exchange Server 2000

 

DESCRIPTION
A Denial of Service (DoS) condition exists in the SMTP service of Windows XP Professional, Windows 2000, and Exchange 2000 Server. A vulnerability exists in how the service handles a particular type of SMTP command used to transfer incoming mail data. By issuing a malformed version of the SMTP command, an attacker can cause the SMTP service to fail.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-012, which addresses this vulnerability, and recommends that affected users immediately apply the appropriate patch at the URL listed in Security Bulletin MS02-012.

 

CREDIT
Discovered by HD Moore.