Follow @discotekdotca
CVE-2007-0039
Current Description
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
Basic Data
| Published | May 08, 2007 |
|---|---|
| Last Modified | April 09, 2020 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-476 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | NONE |
| CVSS 2 - Availability Impact | COMPLETE |
| CVSS 2 - Base Score | 7.8 |
| Severity | HIGH |
| Exploitability Score | 10.0 |
| Impact Score | 6.9 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Microsoft Exchange Server 2000 sp3 * * * * * * � � � � 2.3 Application Microsoft Exchange Server 2003 sp1 * * * * * * � � � � 2.3 Application Microsoft Exchange Server 2003 sp2 * * * * * * � � � � 2.3 Application Microsoft Exchange Server 2007 - * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 2000, 2003, 2007 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| 20070509 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039) | http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html | FULLDISC | Mailing List Third Party Advisory |
| 25183 | http://secunia.com/advisories/25183 | SECUNIA | Third Party Advisory |
| http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html | http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html | MISC | Broken Link |
| 34390 | http://www.osvdb.org/34390 | OSVDB | Broken Link |
| 20070508 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039) | http://www.securityfocus.com/archive/1/468047/100/0/threaded | BUGTRAQ | Third Party Advisory VDB Entry |
| HPSBST02214 | http://www.securityfocus.com/archive/1/468871/100/200/threaded | HP | Third Party Advisory VDB Entry |
| 23808 | http://www.securityfocus.com/bid/23808 | BID | Third Party Advisory VDB Entry |
| 1018015 | http://www.securitytracker.com/id?1018015 | SECTRACK | Third Party Advisory VDB Entry |
| TA07-128A | http://www.us-cert.gov/cas/techalerts/TA07-128A.html | CERT | Third Party Advisory US Government Resource |
| ADV-2007-1711 | http://www.vupen.com/english/advisories/2007/1711 | VUPEN | Permissions Required |
| MS07-026 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026 | MS | PATCH Vendor Advisory |
| exchange-ical-dos(33888) | https://exchange.xforce.ibmcloud.com/vulnerabilities/33888 | XF | Third Party Advisory VDB Entry |
| oval:org.mitre.oval:def:1593 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1593 | OVAL | Third Party Advisory |