Microsoft KB Archive/246731
Article ID: 246731
Article Last Modified on 10/26/2006
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.0
This article was previously published under Q246731
Microsoft Commercial Internet System (MCIS) 2.0 and 2.5 contain an unchecked buffer in the Internet Message Access Protocol (IMAP) service. If a request overran the buffer with random data, it would stop MCIS and many Microsoft Internet Information Server (IIS) services. If a request overran the buffer with carefully-selected data, it could allow arbitrary code to run on the server.
The IMAP service included in MCIS Mail has an unchecked buffer. If a connection attempt is made with a very long username, it can cause not only the IMAP service but also the Web publishing service, Simple Mail Transfer Protocol (SMTP), Lightweight Directory Access Protocol (LDAP), Post Office Protocol version 3 (POP3) and other services to stop as well. This vulnerability is only present when the MCIS Mail IMAP service is running.
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that are experiencing this specific problem.
To resolve this problem, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:
Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this fix should have the following file attributes or later:
The following files are available for download from the Microsoft Download Center:
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Microsoft has confirmed that this is a problem in Microsoft Commercial Internet System versions 2.0 and 2.5.
Keywords: kbhotfixserver kbqfe kbdownload kbbug kbfix kbgraphxlinkcritical kbqfe KB246731