Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0213 — Improper Input Validation in Microsoft Exchange Server

CWE-20 — Improper Input Validation4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

83.4%

top 0.72%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Exchange Server

Timeline

PublishedMay 8

Latest updateMay 1

Description

Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/exchange_server2000, 2003, 2007+2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-x698-9hf8-hpr3: Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to↗2022-05-01

▶

CVEList

CVE-2007-0213: Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to↗2007-05-08

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Exchange 2003 - base64-MIME Remote Code Execution↗2019-07-05

▶