|Check Point Reference:||CPAI-2007-094|
|Date Published:||15 May 2007|
|Last Updated:||1 May 2013|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Simple Mail Transfer Protocol (SMTP) is a core Internet protocol used for transferring e-mail across the Internet. Multipurpose Internet Mail Extension (MIME) is the standard for attaching non-text files (graphics, audio, video and other binary types) to standard Internet mail messages. Microsoft Exchange Server is a collaborative software server from Microsoft that is widely deployed in large corporations using Microsoft infrastructure solutions. Among other things, Microsoft Exchange manages electronic mail, and is thus a popular mail server. A vulnerability exists in the way Microsoft Exchange servers process certain MIME-encoded attachments. An attacker can exploit this vulnerability to execute code in the SYSTEM security context.|
This protection will detect and block e-mail messages containing attachments exhibiting this vulnerability. The detect mode makes it possible to track unauthorized traffic without blocking it.
To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: SMTP Protection Violation.
Attack Information: Microsoft Exchange Server MIME Base64 decoding code execution (MS07-026)