SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Server)  >   Microsoft Exchange Vendors:   Microsoft
Microsoft Exchange MAPI Command Literal Processing Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1021701
SecurityTracker URL:  http://securitytracker.com/id/1021701
CVE Reference:   CVE-2009-0099   (Links to External Site)
Updated:  Feb 17 2009
Original Entry Date:  Feb 10 2009
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2000, 2003, 2007
Description:   A vulnerability was reported in Microsoft Exchange. A remote user can cause denial of service conditions on the target system.

A remote user can send specially crafted MAPI commands to the target application via the Electronic Messaging System Microsoft Data Base 32 bit build (EMSMDB2) provider to cause the application to stop responding.

The Microsoft Exchange System Attendant service is affected. Other services and applications that use the EMSMDB32 provider may be affected.

The Microsoft indicated that the Microsoft Exchange Server MAPI Client is also affected. The Solution section was updated.

Bogdan Materna of VoIPshield Systems reported this vulnerability.
Impact:   A remote user can cause the target application or service to stop responding.
Solution:   The vendor has issued the following fixes:

Microsoft Exchange 2000 Server Service Pack 3 with the Update Rollup of August 2004:

http://www.microsoft.com/downloads/details.aspx?familyid=805dc856-ea60-477d-be40-6ac535a7e7e5

Microsoft Exchange Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=1d9f0956-88bd-4e13-a86b-b1c8d4782f71

Microsoft Exchange Server 2007 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=93cb3f66-ae72-4356-bdbf-35029cff6df1

Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1:

http://www.microsoft.com/downloads/details.aspx?FamilyID=e17e7f31-079a-43a9-bff2-0a110307611e

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx

On February 17, 2009 (UTC), Microsoft updated their advisory to indicate that the Microsoft Exchange Server MAPI Client is also affected by MS09-003.
Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-003.mspx (Links to External Site)
Cause:   Input validation error
Underlying OS:   Windows (2000), Windows (2003), Windows (Vista)

Message History:   None.

 Source Message Contents
Date:  Tue, 10 Feb 2009 14:20:08 -0500
Subject:  http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx


Microsoft Security Bulletin MS09-003 - Critical: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

CVE-2009-0099


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC