CVE-2005-0738 — Uncontrolled Resource Consumption in Microsoft Exchange Server

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

13.2%

top 5.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server

Timeline

PublishedMay 2

Latest updateMay 1

Description

Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/exchange_server2003

Patches

Patch: support.microsoft.com ↗Patch: support.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-2v2x-9xmf-m2f7: Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder↗2022-05-01

▶

CVEList

CVE-2005-0738: Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder↗2005-03-13

▶