Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0098

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-0098
Last Modified 04 Mar 2009 01:48:28
Published 10 Feb 2009 05:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0098

Summary

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Exchange Server 2000

  • Microsoft Exchange Server 2003

  • Microsoft Exchange Server 2007


References

CERT - TA09-041A

MS - MS09-003

SECUNIA - 33838

OSVDB - 51837


Last Updated: 27 May 2016 10:50:06