Microsoft Exchange Internet Mail Service AUTH/AUTHINFO Command DoS
Denial of Service
Loss of Availability
Microsoft Exchange contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the Internet Mail Service (IMS) not properly sanitizing user-supplied input. By passing overly long data to the AUTH or AUTHINFO commands, an attacker can trigger a buffer overflow and crash the service.