Check Point Advisories

Microsoft Exchange Server MIME Base64 Decoding Code Execution (MS07-026; CVE-2007-0213)

Check Point Reference: CPAI-2007-094
Date Published: 15 May 2007
Severity: High
Last Updated: 1 May 2013
Source:
Industry Reference: CVE-2007-0213
Protection Provided by:

Security Gateway
R80, R77, R76, R75, R71, R70

Who is Vulnerable?
Vulnerability Description

Simple Mail Transfer Protocol (SMTP) is a core Internet protocol used for transferring e-mail across the Internet. Multipurpose Internet Mail Extension (MIME) is the standard for attaching non-text files (graphics, audio, video and other binary types) to standard Internet mail messages.

Microsoft Exchange Server is a collaborative software server from Microsoft that is very widespread in large corporations using Microsoft infrastructure solutions. Among other things, Microsoft Exchange manages electronic mail, and is thus a popular mail server.

A vulnerability exists in the way Microsoft Exchange servers process certain MIME-encoded attachments. An attacker can exploit this vulnerability to execute code in the SYSTEM security context.

Protection Overview

This protection will detect and block e-mail messages containing attachments exhibiting this vulnerability. The detect mode makes it possible to track unauthorized traffic without blocking it.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R76 / R75 / R71 / R70

  1. In the IPS tab, click Protections and find the Microsoft Exchange Server MIME Base64 Decoding Code Execution (MS07-026) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

This protection's log will contain the following information:

Attack Name:  SMTP Protection Violation.
Attack Information:  Microsoft Exchange Server MIME Base64 decoding code execution (MS07-026)