Description
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
References (3)
Core 3
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101501580409373&w=2
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011
Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4205
Scores
EPSS
0.2244
EPSS Percentile
97.4%
Details
CWE
CWE-294
Status
published
Products (2)
microsoft/exchange_server
5.5 (5 CPE variants)
microsoft/windows_2000
(3 CPE variants)
Published
Mar 08, 2002
Tracked Since
Feb 18, 2026