Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability

Summary
The Microsoft Windows 2003 SMTP Service and Exchange Routing Engine have been reported prone to a buffer overflow. This occurs during the processing responses to DNS lookups. Successful exploitation could allow for remote code execution in the context of the vulnerable service.
Solution
Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system. Note that the fix for Exchange Server 2000 Service Pack 3 requires that the Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup be installed as a prerequisite. See Knowledge Base article 870540 in the References section for further details on this rollup.
References