CyberSec.Space Logo
Back to CVE Browser

CVE-2009-0098

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile15.72th
PublishedFeb 10, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Exchange Server

= 2000
πŸ“¦
Microsoft

Exchange Server

= 2003
πŸ“¦
Microsoft

Exchange Server

= 2007

References & Advisories

πŸ”— http://osvdb.org/51837
πŸ”— http://secunia.com/advisories/33838
πŸ”— http://www.us-cert.gov/cas/techalerts/TA09-041A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6114
πŸ”— http://osvdb.org/51837
πŸ”— http://secunia.com/advisories/33838
πŸ”— http://www.us-cert.gov/cas/techalerts/TA09-041A.html

Related Vulnerabilities

CVE-2004-084010.0

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 200...

CVE-2006-662710.0

Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivi...

CVE-2004-057410.0

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, ...

CVE-2007-021310.0

Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows...