----------------------------------------------------------------------


  Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
Microsoft Exchange Server 2000 Information Disclosure Vulnerability

SECUNIA ADVISORY ID:
SA39253

VERIFY ADVISORY:
http://secunia.com/advisories/39253/

DESCRIPTION:
A vulnerability has been reported in Microsoft Exchange Server 2000,
which can be exploited by malicious people to gain knowledge of
certain sensitive information.

The vulnerability is caused due to a memory allocation error in the
SMTP component when interpreting SMTP responses. This can be
exploited to disclose random e-mail message fragments by sending
invalid commands followed by the STARTTLS command.

SOLUTION:
Apply patches.

Microsoft Exchange Server 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=e47c90a0-c9c8-43b7-bec7-34107ddde294

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
MS10-024 (KB976703, KB981832):
http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------