Exchange Server@2007 Security Vulnerabilities and Issues — Exchange Server@2007 CVE List

Lucene search

MicrosoftExchange Server2007

16 matches found

CVE•added 2007/05/08 11:19 p.m.•219 views

CVE-2007-0213

Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.

10CVSS7.3AI score0.81906EPSS

CVE•added 2008/07/08 11:41 p.m.•107 views

CVE-2008-2248

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.

4.3CVSS6.2AI score0.25123EPSS

CVE•added 2016/09/14 10:59 a.m.•83 views

CVE-2016-0138

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging t...

4.3CVSS4.9AI score0.16066EPSS

CVE•added 2010/12/16 7:33 p.m.•82 views

CVE-2010-3937

Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."

4CVSS6.2AI score0.3821EPSS

CVE•added 2012/12/12 12:55 a.m.•77 views

CVE-2012-4791

Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."

3.5CVSS6.3AI score0.367EPSS

CVE•added 2009/02/10 10:30 p.m.•76 views

CVE-2009-0098

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.57971EPSS

CVE•added 2010/04/14 4:0 p.m.•74 views

CVE-2010-0024

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX re...

5CVSS6.2AI score0.40008EPSS

CVE•added 2010/05/07 6:30 p.m.•65 views

CVE-2010-1690

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earl...

6.4CVSS6AI score0.54363EPSS

CVE•added 2010/04/14 4:0 p.m.•61 views

CVE-2010-0025

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of i...

5CVSS6.7AI score0.54363EPSS

CVE•added 2013/01/17 1:55 a.m.•60 views

CVE-2013-0418

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information...

6.8CVSS5.9AI score0.25098EPSS

CVE•added 2008/07/08 11:41 p.m.•57 views

CVE-2008-2247

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.

4.3CVSS6.2AI score0.25123EPSS

CVE•added 2009/02/10 10:30 p.m.•57 views

CVE-2009-0099

The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Proc...

5CVSS6.4AI score0.71059EPSS

CVE•added 2014/12/11 12:59 a.m.•54 views

CVE-2014-6319

Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability....

5CVSS6.7AI score0.05143EPSS

CVE•added 2010/05/07 6:30 p.m.•53 views

CVE-2010-1689

6.4CVSS6AI score0.54363EPSS

CVE•added 2007/05/08 11:19 p.m.•49 views

CVE-2007-0039

The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in whi...

7.8CVSS6.4AI score0.40928EPSS

CVE•added 2010/05/27 7:30 p.m.•45 views

CVE-2010-2091

Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) a...

4.3CVSS5.7AI score0.04459EPSS