CVE-2009-0098

critical

Description

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6114

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003

http://www.us-cert.gov/cas/techalerts/TA09-041A.html

http://secunia.com/advisories/33838

http://osvdb.org/51837

Details

Source: Mitre, NVD

Published: 2009-02-10

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical