CVE-2009-0098

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."

Published: Feb 10, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0098
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2000-sp3	2000-sp3.x
microsoft / exchange_server	2003-sp2	2003-sp2.x
microsoft / exchange_server	2007-sp1	2007-sp1.x

http://osvdb.org/51837
http://secunia.com/advisories/33838
http://www.us-cert.gov/cas/techalerts/TA09-041A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6114

Vulnerability Database

289,599

CVE-2009-0098