Vulnerability Details CVE-2009-1491
McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.5%
CVSS Severity
CVSS v2 Score 9.3
References
Products affected by CVE-2009-1491
-
cpe:2.3:a:mcafee:groupshield:*
-
cpe:2.3:a:microsoft:exchange_server:2000