Some of our readers need to be calmed down I guess: It's not Microsoft's exchange. eXchange pop3 is from a 3rd party vendor. Find it at: http://www.exchangepop3.com/.
The good news is that it took the vendor about 2 weeks to issue a fixed version for download.
From the description the vendor makes a product that's to be installed on or close to a real exchange machine. So we're not out of the woods yet. The product offers connections between an exchange server and an external POP3 or IMAP mailbox. Yet it's SMTP service has a buffer overflow in it's handling of the "RCPT TO:" command. The exploit has been made public.
Feb 3rd 2006
1 decade ago