PT-2009-2797 · Microsoft · Exchange Server

Published

2009-02-10

Updated

2018-10-12

CVE-2009-0098

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions 2000 SP3, 2003 SP2, 2007 SP1

Description A remote code execution issue exists due to improper interpretation of Transport Neutral Encapsulation Format (TNEF) properties, allowing remote attackers to execute arbitrary code via a crafted TNEF message.

Recommendations For Microsoft Exchange 2000 Server SP3, update to a version that properly handles TNEF properties to prevent code execution. For Microsoft Exchange Server 2003 SP2, apply a fix that corrects the decoding of TNEF data to mitigate the risk of remote code execution. For Microsoft Exchange Server 2007 SP1, modify the server configuration to correctly interpret TNEF properties and prevent arbitrary code execution.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2009-0098

Affected Products

Exchange Server

PT-2009-2797 · Microsoft · Exchange Server

CVE-2009-0098

Weakness Enumeration

Related Identifiers

Affected Products

References · 9