XFOR: AUTH and EHLO Commands Cause Internet Mail Service to Stop

Article translations Article translations
Article ID: 188341 - View products that this article applies to.
This article was previously published under Q188341
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all


A malicious attacker might connect to the SMTP port of an Microsoft Exchange Server 5.0 or 5.5 computer and disrupt the Internet Mail Service by issuing specific sequences of AUTH or XAUTH commands. When this occurs, the following error message may be displayed:
msexcimc.exe - Application Error

The instruction at "0x77f7d514" reference memory at "0x711cc771". The memory could not be written.


Improper checking of bounds conditions on certain AUTH or XAUTH command sequences may result in a buffer overflow.


Microsoft has confirmed that this is a problem in Microsoft Exchange Serverversion 5.0.

A supported fix is now available, but has not been fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next service pack that contains this fix. Contact Microsoft Technical Support for more information.

This fix has been posted to the following Internet location:
Microsoft has confirmed this to be a problem in Microsoft Exchange Server version 5.5. This problem has been corrected in the latest U.S. service pack for Microsoft Exchange Server version 5.5. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces):
   S E R V P A C K


Article ID: 188341 - Last Review: November 2, 2013 - Revision: 4.0
Applies to
  • Microsoft Exchange Server 5.0 Standard Edition
  • Microsoft Exchange Server 5.5 Standard Edition
kbnosurvey kbarchive kbHotfixServer kbqfe kbbug kbfix KB188341

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com