Unrated severityNVD Advisory· Published Feb 10, 2009· Updated Apr 23, 2026

CVE-2009-0099

Description

The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."

Affected products

Microsoft/Exchange Server3 versions
cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2007:sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/cas/techalerts/TA09-041A.htmlnvdUS Government Resource
osvdb.org/51838nvd
secunia.com/advisories/33838nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-003nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6159nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.054
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000