J-Security Center

Title: Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability

Severity: MODERATE

Description:

A problem exists in Microsoft Exchange 2000 when running with Norton AntiVirus for Microsoft Exchange. A host running this combination of software can be tricked into disclosing mail directory paths to an attacker.

This issue occurs when a message attachment is sent via e-mail to an affected host running Norton AntiVirus for Microsoft Exchange. If the attachment is scanned and rejected, the message is bounced back to the sender with a notification of why it was rejected. When this happens, the path to the intended recipient's INBOX is sent in the message header of the rejection notification. The expected behavior is that the header in the returned message contains only the destination address of the user and not the path of the user's INBOX.

An attacker can exploit this by intentionally crafting a message to a user on the host that contains an attachment the host will reject.
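
A defensive check for the behavior described above, as an added example that is not part of the original advisory or of either vendor's code: it scans the headers of an outbound rejection notification for Windows filesystem paths. The header name X-Example-Recipient, the hostnames and the path in the sample messages are constructed placeholders; the advisory does not name the actual header.

```python
import re
from email import message_from_string

# Drive-letter paths (D:\dir\...) and UNC paths (\\server\share\...).
# The match stops at whitespace or a header delimiter, which is enough to
# flag the header even when the full path contains spaces.
WINDOWS_PATH = re.compile(r'(?:\b[A-Za-z]:\\|\\\\[^\\\s]+\\)[^\s;,"<>]+')


def leaked_paths(raw_message):
    """Return (header name, path) pairs for every header value that
    contains something shaped like a Windows filesystem path."""
    msg = message_from_string(raw_message)
    findings = []
    for name, value in msg.items():
        for match in WINDOWS_PATH.finditer(value):
            findings.append((name, match.group(0)))
    return findings


# Constructed sample notifications (placeholders, not real product output).
SAMPLE_PATH = "D:\\ExampleMailRoot\\mailbox\\jdoe\\Inbox"
LEAKY = (
    "From: postmaster@mail.example.test\n"
    "To: sender@remote.example.test\n"
    "Subject: Attachment rejected\n"
    "X-Example-Recipient: " + SAMPLE_PATH + "\n"
    "\n"
    "Your message was rejected by the virus scanner.\n"
)
# Expected behavior per the advisory: only the destination address appears.
CLEAN = LEAKY.replace(SAMPLE_PATH, "jdoe@mail.example.test")

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("clean", CLEAN)):
        hits = leaked_paths(raw)
        if hits:
            for header, path in hits:
                print(f"{label}: header {header!r} discloses path {path!r}")
        else:
            print(f"{label}: no filesystem paths in headers")
```

Run against notifications captured at the outbound gateway, a non-empty result means the bounce is disclosing server-side paths to external senders.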

Affected Products:

  • Microsoft Exchange Server 2000
  • Microsoft Exchange Server 2000 SP1
  • Symantec Norton AntiVirus for MS Exchange 2.5.0
