CVE-2009-0098

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions 2000 SP3, 2003 SP2, 2007 SP1

Description A remote code execution issue exists due to improper interpretation of Transport Neutral Encapsulation Format (TNEF) properties, allowing remote attackers to execute arbitrary code via a crafted TNEF message.

Recommendations For Microsoft Exchange 2000 Server SP3, update to a version that properly handles TNEF properties to prevent code execution. For Microsoft Exchange Server 2003 SP2, apply a fix that corrects the decoding of TNEF data to mitigate the risk of remote code execution. For Microsoft Exchange Server 2007 SP1, modify the server configuration to correctly interpret TNEF properties and prevent arbitrary code execution.