CVE-2009-0099: Input Validation
First published: Tue Feb 10 2009(Updated: )
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Exchange Server | =2000-sp3 | |
| Microsoft Exchange Server | =2003-sp2 | |
| Microsoft Exchange Server | =2007-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-0099?
CVE-2009-0099 is categorized as a denial of service vulnerability affecting Microsoft Exchange Server.
How do I fix CVE-2009-0099?
To mitigate CVE-2009-0099, apply the latest security updates provided by Microsoft for Exchange Server 2000 SP3 and 2003 SP2.
What software versions are affected by CVE-2009-0099?
CVE-2009-0099 affects Microsoft Exchange Server 2000 SP3 and 2003 SP2.
What type of attack is associated with CVE-2009-0099?
CVE-2009-0099 involves a remote denial of service attack via a malformed MAPI command.
Can CVE-2009-0099 be exploited remotely?
Yes, CVE-2009-0099 can be exploited remotely by attackers to cause an application outage.
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft exchange server
- version/microsoft exchange server/2000-sp3
- version/microsoft exchange server/2003-sp2
- version/microsoft exchange server/2007-sp1