Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0284 — Classic Buffer Overflow in Microsoft Exchange Server

CWE-120 — Classic Buffer Overflow6 documents4 sources

Severity

7.5HIGHNVD

EPSS

3.3%

top 12.69%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Exchange Server

Timeline

PublishedJan 1

Latest updateApr 30

Description

Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/exchange_server4.0, 5.0+1

🔴Vulnerability Details

GHSA

GHSA-v64w-xq9r-xp4x: Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command↗2022-04-30

▶

CVEList

CVE-1999-0284: Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command↗2000-02-04

▶

💥Exploits & PoCs

Exploit-DB

Alt-N MDaemon Server 2.71 SP1 - SMTP HELO Argument Buffer Overflow↗1999-03-10

▶

Exploit-DB

Microsoft Exchange Server 4.0/5.0 - SMTP HELO Argument Buffer Overflow↗1998-03-10

▶

Exploit-DB

Ipswitch Imail Server 5.0 - SMTP HELO Argument Buffer Overflow↗1998-03-10

▶