Microsoft SMTP Service BDAT DoS Vulnerability


Summary:

	The Microsoft Windows 2000 Internet Mail Service is vulnerable to a
	Denial of Service attack through the BDAT command. If exploited, this
	vulnerability will cause any and all services running under IIS (the
	inetinfo.exe process) to become unavailable.

        At this time, there seems to be a slim-to-none chance of being able to
        execute arbitrary code through this vulnerability.

Solution:

	On February 27, 2002 an official fix was made available:
		
		* http://www.microsoft.com/technet/security/bulletin/MS02-012.asp

Tools:
	A perl script to exploit this vulnerability can be found HERE.


<< BACK