SMTP Service Vulnerability in Microsoft Internet Information Services
CVE-2002-1790

Currently unrated

Key Information:

Vendor: Microsoft
Status: Exchange Server; Internet Information Services; Internet Information Server
Vendor: CVE Published:; 31 December 2002

Summary

The SMTP service in Microsoft Internet Information Services (IIS) versions 4.0 and 5.0 is susceptible to a security flaw that allows remote attackers to bypass existing anti-relaying mechanisms. This vulnerability enables malicious actors to send unsolicited spam or spoofed emails by utilizing encapsulated SMTP addresses, posing significant risks to email integrity and potentially damaging organizational reputation. Remediation strategies should be developed to mitigate this issue, ensuring that proper security measures are in place to prevent unauthorized relay of email.

References

http://online.securityfocus.com/archive/1/281914

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/9580.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/5213

vdb-entryx_refsource_BID

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 31, 2002