XIMS: MCIS Mail Services Unexpectedly Stop

Article ID: 246731
This article was previously published under Q246731

SYMPTOMS

Microsoft Commercial Internet System (MCIS) 2.0 and 2.5 contain an unchecked buffer in the Internet Message Access Protocol (IMAP) service. If a request overruns the buffer with random data, MCIS and many Microsoft Internet Information Server (IIS) services stop. If a request overruns the buffer with carefully selected data, arbitrary code could run on the server.

CAUSE

The IMAP service included in MCIS Mail has an unchecked buffer. If a connection attempt is made with a very long username, it can stop not only the IMAP service but also the Web publishing service, Simple Mail Transfer Protocol (SMTP), Lightweight Directory Access Protocol (LDAP), Post Office Protocol version 3 (POP3), and other services. This vulnerability is only present when the MCIS Mail IMAP service is running.
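The following is an added illustration, not code from MCIS or from Microsoft: a length-checked extraction of the username, which is the check an unchecked buffer lacks. It assumes the username arrives as the first argument of an IMAP LOGIN command; the function names and the 64-byte USER_MAX are hypothetical, and IMAP literals and quoted-string escapes are rejected rather than parsed.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define USER_MAX 64 /* hypothetical size; the page does not give the real one */

/* Case-insensitive match of "LOGIN " at s; stops at the first mismatch or NUL. */
static int is_login(const char *s)
{
    const char *k = "LOGIN ";
    while (*k)
        if (toupper((unsigned char)*s++) != *k++)
            return 0;
    return 1;
}

/* Copy the username from "<tag> LOGIN <user> <password>" into out.
 * Returns 0 on success, -1 on malformed or unsupported input, and -2 when
 * the username needs more than outlen bytes (terminating NUL included). */
int imap_login_user(const char *line, char *out, size_t outlen)
{
    const char *p, *end;
    size_t n;

    if (line == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    p = strchr(line, ' ');                  /* end of the tag */
    if (p == NULL || !is_login(p + 1))
        return -1;
    p += 7;                                 /* first byte of the username */
    if (*p == '{')                          /* IMAP literal: not handled here */
        return -1;
    if (*p == '"') {                        /* quoted string */
        for (end = ++p; *end != '"'; end++)
            if (*end == '\0' || *end == '\\')
                return -1;                  /* unterminated, or escape unsupported */
    } else {                                /* atom ends at space or line end */
        end = p + strcspn(p, " \r\n");
    }
    n = (size_t)(end - p);
    if (n == 0)
        return -1;
    if (n >= outlen)                        /* length is checked before any copy */
        return -2;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}
```

An over-long username yields -2 and an empty output buffer, so the caller can reject the command and keep the service running.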

RESOLUTION

A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:

Component: MCIS

File name       Version
Imapsvc.dll     5.5.1877.37

The following files are available for download from the Microsoft Download Center:
x86:
Download Q246731engi.exe now
Alpha:
Download Q246731enga.exe now
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

STATUS

Microsoft has confirmed that this is a problem in Microsoft Commercial Internet System versions 2.0 and 2.5.

Properties

Article ID: 246731 - Last Review: October 26, 2006 - Revision: 5.6
APPLIES TO
  • Microsoft Commercial Internet System 2.5
  • Microsoft Commercial Internet System 2.0
Keywords: 
kbhotfixserver kbqfe kbdownload kbbug kbfix kbgraphxlinkcritical kbqfe KB246731
