COMMAND

    Commercial Internet System

SYSTEMS AFFECTED

    Microsoft Commercial Internet System 2.0 and 2.5.

PROBLEM

    Following  is  based  on  Microsoft  Security  Bulletin.  The IMAP
    service  included  in  MCIS  Mail  has  an  unchecked buffer. If a
    malformed  request  containing  random  data  were  passed  to the
    service, it could cause the  web publishing, IMAP, SMTP, LDAP  and
    other  services  to  crash.  If  the  malformed  request contained
    specially crafted  data, it  could also  be used  to run arbitrary
    code on the server via a classic buffer overrun attack.

    Microsoft acknowledges  Tristan Goode  for bringing  this issue to
    our attention.

SOLUTION

    Patch availability:

    - Intel:
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17124
    - Alpha:
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17122