Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-0098 | First vendor Publication | 2009-02-10 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0098 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6114 | |||
Oval ID: | oval:org.mitre.oval:def:6114 | ||
Title: | Memory Corruption Vulnerability | ||
Description: | Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0098 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Exchange Server 2000 Microsoft Exchange Server 2003 Microsoft Exchange Server 2007 Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-02-11 | Name : Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) File : nvt/secpod_ms09-003.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51837 | Microsoft Exchange Server Message Transport Neutral Encapsulation Format (TNE... A memory corruption flaw exists in Exchange Server. It fails to validate TNEF data resulting in memory corruption. With a specially crafted message, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-02-12 | IAVM : 2009-A-0013 - Multiple Remote Code Execution Vulnerabilities in Microsoft Exchange Severity : Category I - VMSKEY : V0018388 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Exchange System Attendant denial of service attempt RuleID : 15302 - Revision : 13 - Type : SERVER-MAIL |
2014-01-10 | Exchange compressed RTF remote code execution attempt RuleID : 15301 - Revision : 5 - Type : SERVER-MAIL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-04-03 | Name : Arbitrary code can be executed on the remote host through the email server. File : exchange_ms09-003.nasl - Type : ACT_GATHER_INFO |
2009-02-11 | Name : Arbitrary code can be executed on the remote host through the email server. File : smb_nt_ms09-003.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:09:00 |
|
2021-04-22 01:09:20 |
|
2020-05-23 00:23:12 |
|
2018-10-13 00:22:46 |
|
2017-09-29 09:24:01 |
|
2016-06-28 17:33:23 |
|
2016-04-26 18:33:06 |
|
2014-02-17 10:48:18 |
|
2014-01-19 21:25:34 |
|
2013-11-11 12:38:10 |
|
2013-05-10 23:41:49 |
|