CVE-2009-0099

Name of the Vulnerable Software and Affected Versions Microsoft Exchange 2000 Server SP3 Microsoft Exchange Server 2003 SP2

Description A denial of service issue exists due to the way the Electronic Messaging System Microsoft Data Base (EMSMDB32) provider handles invalid MAPI commands. An attacker could exploit this by sending a specially crafted MAPI command, potentially causing the application to stop responding. This issue affects the Microsoft Exchange System Attendant, a core service in Microsoft Exchange responsible for various maintenance functions.

Recommendations For Microsoft Exchange 2000 Server SP3, update to a version that includes the fix for the Literal Processing Vulnerability. For Microsoft Exchange Server 2003 SP2, update to a version that includes the fix for the Literal Processing Vulnerability. As a temporary workaround, consider restricting access to the EMSMDB32 provider until a patch is available.