Vulnerability Name:

CVE-2009-0098 (CCN-47670)

Assigned:2009-02-10
Published:2009-02-10
Updated:2018-10-12
Summary:Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-0098

Source: OSVDB
Type: UNKNOWN
51837

Source: CCN
Type: SA33838
Exchange Server TNEF Decoding and MAPI Command Processing Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33838

Source: CCN
Type: ASA-2009-054
MS09-003 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

Source: CCN
Type: IBM Internet Security Systems Protection Alert February 10, 2009
Microsoft Exchange Server TNEF Remote Code Execution

Source: CCN
Type: Microsoft Security Bulletin MS09-003
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

Source: CCN
Type: OSVDB ID: 51837
Microsoft Exchange Server Message Transport Neutral Encapsulation Format (TNEF) Decoding Remote Code Execution

Source: CCN
Type: BID-33134
Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability

Source: CERT
Type: US Government Resource
TA09-041A

Source: MS
Type: UNKNOWN
MS09-003

Source: XF
Type: UNKNOWN
exchange-tnef-code-execution(47670)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6114

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2007:sp1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:exchange_server:2003:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2003:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2007:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2007:sp1:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:6114
    V
    		Memory Corruption Vulnerability
    2014-06-23
    BACK
    microsoft exchange server 2000 sp3
    microsoft exchange server 2003 sp2
    microsoft exchange server 2007 sp1
    microsoft exchange server 2003 sp1
    microsoft exchange server 2000 sp3
    microsoft exchange server 2000 sp2
    microsoft exchange server 2003
    microsoft exchange server 2000 sp1
    microsoft exchange server 2003 sp2
    microsoft exchange server 2007
    microsoft exchange server 2007 sp1