CVE-2009-0099
EXPLOITEDMicrosoft Exchange Server 2000 SP3 and 2003 SP2 - Denial of Service via Malformed MAPI Command
Title source: llmExploitation Summary
CVE-2009-0099 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6159
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/51838
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-041A.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33838
Scores
EPSS
0.2624
EPSS Percentile
97.8%
Details
VulnCheck KEV
2017-06-20
CWE
CWE-20
Status
published
Products (3)
microsoft/exchange_server
2000 sp3
microsoft/exchange_server
2003 sp2
microsoft/exchange_server
2007 sp1
Published
Feb 10, 2009
Tracked Since
Feb 18, 2026