| ID |
CVE-2009-0098
|
| Summary |
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:exchange_server:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2007:sp1:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 12-10-2018 - 21:49) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| msbulletin
via4
|
| bulletin_id | MS09-003 | | bulletin_url | | | date | 2009-02-10T00:00:00 | | impact | Remote Code Execution | | knowledgebase_id | 959239 | | knowledgebase_url | | | severity | Critical | | title | Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution |
|
| oval
via4
|
| accepted | 2014-06-23T04:07:47.483-04:00 | | class | vulnerability | | contributors | | name | Dragos Prisaca | | organization | Gideon Technologies, Inc. |
| name | Dragos Prisaca | | organization | Gideon Technologies, Inc. |
| name | Todd Dolinsky | | organization | Hewlett-Packard |
| name | Todd Dolinsky | | organization | Hewlett-Packard |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| name | Shane Shaffer | | organization | G2, Inc. |
| name | Maria Kedovskaya | | organization | ALTX-SOFT |
| name | Jerome Athias | | organization | McAfee, Inc. |
| | definition_extensions | | comment | Microsoft Exchange Server 2000 Service Pack 3 is installed | | oval | oval:org.mitre.oval:def:1858 |
| comment | Microsoft Exchange Server 2003 Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:1869 |
| comment | Microsoft Exchange Server 2007 SP1 is installed | | oval | oval:org.mitre.oval:def:5577 |
| | description | Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." | | family | windows | | id | oval:org.mitre.oval:def:6114 | | status | accepted | | submitted | 2009-02-10T16:00:00 | | title | Memory Corruption Vulnerability | | version | 16 |
|
| refmap
via4
|
| cert | TA09-041A | | osvdb | 51837 | | secunia | 33838 |
|
| Last major update |
12-10-2018 - 21:49 |
| Published |
10-02-2009 - 22:30 |
| Last modified |
12-10-2018 - 21:49 |
