Reported February 27, 2002, by Microsoft.
· Windows XP Professional
· Windows 2000
· Exchange Server 2000
A Denial of Service (DoS) condition exists in the SMTP service of Windows XP Professional, Windows 2000, and Exchange 2000 Server. A vulnerability exists in how the service handles a particular type of SMTP command used to transfer incoming mail data. By issuing a malformed version of the SMTP command, an attacker can cause the SMTP service to fail.
The vendor, Microsoft, has released Security Bulletin MS02-012, which addresses this vulnerability, and recommends that affected users immediately apply the appropriate patch at the URL listed in Security Bulletin MS02-012.
Discovered by HD Moore.