CVE-2009-0098Out-of-bounds Write in Microsoft Exchange Server

CWE-3993 documents3 sources
Severity
9.3CRITICALNVD
EPSS
62.5%
top 1.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Exchange Server
Timeline
PublishedFeb 10
Latest updateMay 2

Description

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/exchange_server2000, 2003, 2007+2

🔴Vulnerability Details

2
GHSA
GHSA-3969-vr99-qg5h: Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (2022-05-02
CVEList
CVE-2009-0098: Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (2009-02-10
CVE-2009-0098 — Out-of-bounds Write in Microsoft | cvebase