Vulnerability Name:

CVE-2009-0099 (CCN-47671)

Assigned:2009-02-10
Published:2009-02-10
Updated:2018-10-12
Summary:The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2009-0099

Source: OSVDB
Type: UNKNOWN
51838

Source: CCN
Type: SA33838
Exchange Server TNEF Decoding and MAPI Command Processing Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33838

Source: CCN
Type: ASA-2009-054
MS09-003 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

Source: CCN
Type: Microsoft Security Bulletin MS09-003
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

Source: CCN
Type: OSVDB ID: 51838
Microsoft Exchange Server EMSMDB2 Invalid MAPI Command Remote DoS

Source: CCN
Type: BID-33136
Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability

Source: CERT
Type: US Government Resource
TA09-041A

Source: MS
Type: UNKNOWN
MS09-003

Source: XF
Type: UNKNOWN
exchange-emsmdb2-mapi-dos(47671)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6159

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2007:sp1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:exchange_server:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2003:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2003:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2007:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2007:sp1:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:6159
    V
    		Literal Processing Vulnerability
    2014-06-23
    BACK
    microsoft exchange server 2000 sp3
    microsoft exchange server 2003 sp2
    microsoft exchange server 2007 sp1
    microsoft exchange server 2000
    microsoft exchange server 2003 sp1
    microsoft exchange server 2000 sp3
    microsoft exchange server 2000 sp2
    microsoft exchange server 2003
    microsoft exchange server 2000 sp1
    microsoft exchange server 2003 sp2
    microsoft exchange server 2007
    microsoft exchange server 2007 sp1