CVE-2002-0698
Description
Remote attacker can execute arbitrary code on Exchange 5.5 by sending an EHLO command with a long hostname resolved via reverse DNS, overflowing the IMC's response buffer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Remote attacker can execute arbitrary code on Exchange 5.5 by sending an EHLO command with a long hostname resolved via reverse DNS, overflowing the IMC's response buffer.
Vulnerability
A buffer overflow exists in the Internet Mail Connector (IMC) component of Microsoft Exchange Server 5.5. When the IMC receives an SMTP EHLO (extended hello) command from a remote server, it constructs a response that includes the connecting server's fully-qualified domain name, obtained via a reverse DNS lookup. If that name exceeds a certain length, the response overflows a fixed-size buffer in the IMC code. The vulnerability is documented in Microsoft Security Bulletin MS02-037 [1]. All versions of Exchange 5.5 running the IMC are affected [1].
Exploitation
An attacker must control a system whose reverse DNS record points to a long hostname (exceeding the expected buffer size), then send an EHLO command from that system to the Exchange server. No prior authentication or special network position is required beyond the ability to establish an SMTP connection. The IMC performs a reverse DNS lookup on the connecting IP, retrieves the crafted long name, and includes it in the EHLO response, which overflows the buffer. The attacker must populate the long hostname with carefully chosen data to achieve code execution [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code with the privileges of the Exchange 5.5 service account, which typically has broad system-level access. The impact is complete compromise of the Exchange server, including the ability to read, modify, or delete email data and potentially to pivot to other hosts on the network. If overflowed with random data, the IMC fails, resulting in a denial of service [1].
Mitigation
Microsoft released a security update (Q326322) on July 25, 2002, as part of MS02-037 [1]. Administrators should apply the patch to all Exchange 5.5 servers running the IMC. No workarounds are documented in the bulletin, and the product is long past its support lifecycle, so upgrading to a supported Exchange version or disabling the IMC if not required are recommended. This vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*
- (no CPE)range: = 5.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-037nvdPatchVendor Advisory
- www.securityfocus.com/bid/5306nvdThird Party AdvisoryVDB Entry
- bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jspnvdBroken Link
- www.iss.net/security_center/static/9658.phpnvdBroken Link
- support.microsoft.com/default.aspxnvd
News mentions
0No linked articles in our index yet.