CVSS: 9.8EPSS: 60%CPEs: 3EXPL: 0CVE-2009-0098
https://notcve.org/view.php?id=CVE-2009-0098
10 Feb 2009 — Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2 y Exchange Server 2007 SP1; no interpreta adecuadamente las propiedades de Transport Neutral Encapsulation (TNEF), esto permite a atacantes remotos ejecutar cód... • http://osvdb.org/51837 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 71%CPEs: 3EXPL: 0CVE-2009-0099
https://notcve.org/view.php?id=CVE-2009-0099
10 Feb 2009 — The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." El proveedor Electronic Messaging System Microsoft Data Base (EMSMDB32) en Microsoft Exchange 2000 Server SP3 y Exchange Server 2003 SP2, utilizado como Exchange System Attendant, permite a ... • http://osvdb.org/51838 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 24%CPEs: 3EXPL: 1CVE-2008-2247
https://notcve.org/view.php?id=CVE-2008-2247
08 Jul 2008 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. Una vulnerabilidad de tipo cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server versión 2003 SP2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de campos de correo electrónico no especificados, una vulnerabilidad diferent... • http://secunia.com/advisories/30964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 25%CPEs: 4EXPL: 0CVE-2008-2248
https://notcve.org/view.php?id=CVE-2008-2248
08 Jul 2008 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. La vulnerabilidad de tipo Cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server 2003 SP2, permite a atacantes remotos inyectar script web o HTML por medio de HTML no especificado, una vulnerabilidad diferente a la CVE-2008-2247. • http://secunia.com/advisories/30964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 36%CPEs: 4EXPL: 0CVE-2007-0039
https://notcve.org/view.php?id=CVE-2007-0039
08 May 2007 — The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. La funcionalidad Exchange Collaboration Data Objects (EXCDO) en Microsoft Exchange Server 2000... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 79%CPEs: 4EXPL: 2CVE-2007-0213 – Microsoft Exchange 2003 - base64-MIME Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-0213
08 May 2007 — Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. Microsoft Exchange Server 2000 SP3, 2003 SP1 y SP2, y 2007 no decodifica apropiadamente correos electrónicos concretos con codificación MIME, lo cual permite a atacantes remotos ejecutar código de su elección mediante un mensaje de correo electrónico manipulado con codificación base64 MI... • https://packetstorm.news/files/id/153533 • CWE-20: Improper Input Validation •