MS09-003 - Critical: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) - Version: 2.1
Posted on 26 February 2009
There is a newer version: MS09-003 - Version: 3.0
Severity Rating: Critical

Revision Note: V2.1 (February 25, 2009): Added a footnote in the Affected Software table, and modified two entries in the section, Frequently Asked Questions (FAQ) Related to This Security Update, relating to the Exchange System Management Tools for Exchange Server 2003. This is an informational change only. There were no changes to the security update files in this bulletin.

Summary: This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.
Other versions
- MS09-003 - Version: 1.0
- MS09-003 - Version: 2.0
- MS09-003 - Version: 2.1
- MS09-003 - Version: 3.0