CVE Number: MS09-003
Vulnerability: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
Product: Microsoft Exchange
Severity: Critical
Date: 11-02-2009

Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in the way Microsoft Exchange Server decodes the Transport Neutral Encapsulation Format (TNEF) data for a message.
Detailed Information on the risk:
This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding. Further information on these vulnerabilities is available at: MS09-003

Affected Software

Microsoft Exchange 2000 Server Service Pack 3 with the Update Rollup of August 2004 (KB959897)
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007 Service Pack 1*