Vulnerability Details CVE-2009-0098
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.603
EPSS Ranking 98.1%
CVSS Severity
CVSS v2 Score 9.3
References
- http://osvdb.org/51837
- http://secunia.com/advisories/33838
- http://www.us-cert.gov/cas/techalerts/TA09-041A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6114
- http://osvdb.org/51837
- http://secunia.com/advisories/33838
- http://www.us-cert.gov/cas/techalerts/TA09-041A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6114
Products affected by CVE-2009-0098
-
cpe:2.3:a:microsoft:exchange_server:2000
-
cpe:2.3:a:microsoft:exchange_server:2003
-
cpe:2.3:a:microsoft:exchange_server:2007