Hi,

According to the advisory from MS, this can be exploited through a forged email attribute in a message. In this case, Exchange2000 eats up all the CPU processing this message (for a while), then recovers. This can be used to throw some emails at Exchange2k and mount an easy DoS.

Does anyone know how to check this vulnerability in the case where Exchange2k is in the internal network and mail is passed through an email gateway (not Exchange2k, of course) located in a DMZ? Can these malicious mail attributes be passed through the mail gw to the internal Exchange2k anyhow? Or will the mail gateway "purge" these attributes?

Hope someone can help me, and hopefully this info can be used to build a NASL script =)

Best rgds,
Cristobal
