CVE-2009-0099

EXPLOITED

Microsoft Exchange Server 2000 SP3 and 2003 SP2 - Denial of Service via Malformed MAPI Command

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2009-0099 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6159
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51838
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-041A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33838

Scores

EPSS 0.2624
EPSS Percentile 97.8%

Details

VulnCheck KEV 2017-06-20
CWE
CWE-20
Status published
Products (3)
microsoft/exchange_server 2000 sp3
microsoft/exchange_server 2003 sp2
microsoft/exchange_server 2007 sp1
Published Feb 10, 2009
Tracked Since Feb 18, 2026