CVE-2009-0099
published 2009-02-10CVE-2009-0099: The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange…
PriorityP270medium5CVSS 2.0
AVNACLAuNCNINAP
ITWVulnCheck KEV
Exploited in the wild
EPSS
26.24%
97.7th percentile
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vulncheck5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w8h6-6x8h-3fj6: The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in
ghsa_unreviewed·2022-05-02
CVE-2009-0099 [MEDIUM] CWE-20 GHSA-w8h6-6x8h-3fj6: The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
VulnCheck
Microsoft Exchange Server Improper Input Validation
vulncheck·2009·CVSS 5.0
CVE-2009-0099 [MEDIUM] Microsoft Exchange Server Improper Input Validation
Microsoft Exchange Server Improper Input Validation
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
Affected: Microsoft Exchange Server
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=a9c54f79-d780-437b-a7f5-a74960e299d5&CommunityKey=8af7f28f-02f1-4107-8639-93a60b6546d4
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/51838http://secunia.com/advisories/33838http://www.us-cert.gov/cas/techalerts/TA09-041A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6159http://osvdb.org/51838http://secunia.com/advisories/33838http://www.us-cert.gov/cas/techalerts/TA09-041A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6159
2009-02-10
Published
Exploited in the wild