CVE-2009-0099

2009-02-1022:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2009-0099

emsmdb32

microsoft exchange server

denial of service

vulnerability

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.77 High

EPSS

Percentile

98.2%

JSON

The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka “Literal Processing Vulnerability.”

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq2000
microsoft:exchange_servermicrosoft exchange servereq2003
microsoft:exchange_servermicrosoft exchange servereq2007

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	2000
microsoft:exchange_server	microsoft exchange server	eq	2003
microsoft:exchange_server	microsoft exchange server	eq	2007