Remote Code Execution Vulnerabilities in Microsoft Exchange - MS09-003ID: oval:org.secpod.oval:def:3299 | Date: (C)2011-11-29 (M)2022-03-15 |
Class: PATCH | Family: windows |
The host is missing a critical security update according to Microsoft security bulletin, MS09-003. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Exchange Server , which fails to handle a specially crafted TNEF message. Successful exploitation could allow an attackers to take complete control of the affected system with Exchange Server service account privileges.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
Microsoft Exchange 2000 Server |
Microsoft Exchange Server 2003 |
Microsoft Exchange Server 2007 |
Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 |