CVSS: 9.3EPSS: 39%CPEs: 3EXPL: 0CVE-2009-0098
https://notcve.org/view.php?id=CVE-2009-0098
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2 y Exchange Server 2007 SP1; no interpreta adecuadamente las propiedades de Transport Neutral Encapsulation (TNEF), esto permite a atacantes remotos ejecutar código de su elección a través de un mensaje TNEF manipulado. También se conoce como "Vulnerabilidad de Corrupción de Memoria". • http://osvdb.org/51837 http://secunia.com/advisories/33838 http://www.us-cert.gov/cas/techalerts/TA09-041A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6114 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 91%CPEs: 3EXPL: 0CVE-2009-0099
https://notcve.org/view.php?id=CVE-2009-0099
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." El proveedor Electronic Messaging System Microsoft Data Base (EMSMDB32) en Microsoft Exchange 2000 Server SP3 y Exchange Server 2003 SP2, utilizado como Exchange System Attendant, permite a atacantes remotos producir una denegación de servicio (caída de la aplicación) a través de una comando MAPI malformado, también conocido como "vulnerabilidad de procesado literal". • http://osvdb.org/51838 http://secunia.com/advisories/33838 http://www.us-cert.gov/cas/techalerts/TA09-041A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6159 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 4%CPEs: 1EXPL: 2CVE-2008-1547 – Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' Open Redirection
https://notcve.org/view.php?id=CVE-2008-1547
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. Vulnerabilidad involuntaria de redirección en exchweb/bin/redir.asp en Microsoft Outlook Web Access (OWA) para Exchange Server 2003 SP2 (alias build 6.5.7638) permite a atacantes remotos, redireccionar a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de una URL en el parámetro URL. • https://www.exploit-db.com/exploits/32489 http://securityreason.com/securityalert/4441 http://www.securityfocus.com/archive/1/497374/100/0/threaded http://www.securityfocus.com/archive/1/497390/100/0/threaded http://www.securityfocus.com/archive/1/497433/100/0/threaded http://www.securityfocus.com/archive/1/497500/100/0/threaded http://www.securityfocus.com/archive/1/497534/100/0/threaded http://www.securityfocus.com/bid/31765 https://exchange.xforce.ibmcloud.com/vulnerabiliti • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 96%CPEs: 3EXPL: 1CVE-2008-2247
https://notcve.org/view.php?id=CVE-2008-2247
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. Una vulnerabilidad de tipo cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server versión 2003 SP2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de campos de correo electrónico no especificados, una vulnerabilidad diferente de CVE-2008-2248. • http://secunia.com/advisories/30964 http://www.securityfocus.com/bid/30130 http://www.securitytracker.com/id?1020439 http://www.us-cert.gov/cas/techalerts/TA08-190A.html http://www.vupen.com/english/advisories/2008/2021/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-039 https://exchange.xforce.ibmcloud.com/vulnerabilities/43328 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 96%CPEs: 4EXPL: 0CVE-2008-2248
https://notcve.org/view.php?id=CVE-2008-2248
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. La vulnerabilidad de tipo Cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server 2003 SP2, permite a atacantes remotos inyectar script web o HTML por medio de HTML no especificado, una vulnerabilidad diferente a la CVE-2008-2247. • http://secunia.com/advisories/30964 http://www.securityfocus.com/bid/30078 http://www.securitytracker.com/id?1020439 http://www.us-cert.gov/cas/techalerts/TA08-190A.html http://www.vupen.com/english/advisories/2008/2021/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-039 https://exchange.xforce.ibmcloud.com/vulnerabilities/43329 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •