Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) |
Informations | |||
---|---|---|---|
Name | MS09-003 | First vendor Publication | 2009-02-10 |
Vendor | Microsoft | Last vendor Modification | 2009-05-26 |
Severity (Vendor) | Critical | Revision | 3.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V3.0 (May 26, 2009): Added an entry in the section, Frequently Asked Questions (FAQ) Related to This Security Update, to announce a detection change to the update for Microsoft Exchange Server 2003 Service Pack 2 (KB959897). This is a detection change only. There were no changes to the security update files in this bulletin. Customers who have already installed the KB959897 update successfully do not need to reinstall.Summary: This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-003.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6114 | |||
Oval ID: | oval:org.mitre.oval:def:6114 | ||
Title: | Memory Corruption Vulnerability | ||
Description: | Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0098 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Exchange Server 2000 Microsoft Exchange Server 2003 Microsoft Exchange Server 2007 Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6159 | |||
Oval ID: | oval:org.mitre.oval:def:6159 | ||
Title: | Literal Processing Vulnerability | ||
Description: | The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0099 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Exchange Server 2000 Microsoft Exchange Server 2003 Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-02-11 | Name : Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) File : nvt/secpod_ms09-003.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51838 | Microsoft Exchange Server EMSMDB2 Invalid MAPI Command Remote DoS Exchange Server contains a flaw that may allow a remote denial of service. The issue is triggered when the EMSMDB2 encounters a malformed MAPI message, and will result in loss of availability for the System Attendant service. |
51837 | Microsoft Exchange Server Message Transport Neutral Encapsulation Format (TNE... A memory corruption flaw exists in Exchange Server. It fails to validate TNEF data resulting in memory corruption. With a specially crafted message, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-02-12 | IAVM : 2009-A-0013 - Multiple Remote Code Execution Vulnerabilities in Microsoft Exchange Severity : Category I - VMSKEY : V0018388 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Exchange System Attendant denial of service attempt RuleID : 15302 - Revision : 13 - Type : SERVER-MAIL |
2014-01-10 | Exchange compressed RTF remote code execution attempt RuleID : 15301 - Revision : 5 - Type : SERVER-MAIL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-04-03 | Name : Arbitrary code can be executed on the remote host through the email server. File : exchange_ms09-003.nasl - Type : ACT_GATHER_INFO |
2009-02-11 | Name : Arbitrary code can be executed on the remote host through the email server. File : smb_nt_ms09-003.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:10 |
|
2014-01-19 21:30:17 |
|
2013-11-11 12:41:10 |
|