Unrated severityNVD Advisory· Published May 5, 2009· Updated Apr 23, 2026

CVE-2009-1491

Description

McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.

Affected products

McAfee/Groupshield
cpe:2.3:a:mcafee:groupshield:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.nmrc.org/~thegnome/blog/apr09/nvdExploit
exchange.xforce.ibmcloud.com/vulnerabilities/50354nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000