Skip to main content

Microsoft Exchange Server Multiple Vulnerabilities( 11 February 2009 )

Last Update Date: 28 Jan 2011 Release Date: 11 Feb 2009 5106 Views

RISK: Medium Risk

1. Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way Microsoft Exchange Server decodes the Transport Neutral Encapsulation Format (TNEF) data for a message.

2. Literal Processing Vulnerability

A denial of service vulnerability exists in the EMSMDB2 (Electronic Messaging System Microsoft Data Base, 32 bit build) provider because of the way it handles invalid MAPI commands. An attacker could exploit the vulnerability by sending a specially crafted MAPI command to the application using the EMSMDB32 provider. An attacker who successfully exploited this vulnerability could cause the application to stop responding.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Exchange 2000 Server
  • Microsoft Exchange Server 2003
  • Microsoft Exchange Server 2007
  • Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link