VYPR

Exchange Server

by Microsoft

CVEs (233)

  • CVE-2005-0044May 2, 2005
    risk 0.03cvss epss 0.33

    The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."

  • CVE-2002-0055Mar 8, 2002
    risk 0.03cvss epss 0.38

    SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.

  • CVE-2001-0146Jun 2, 2001
    risk 0.03cvss epss 0.37

    IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.

  • CVE-2023-38181Aug 8, 2023
    risk 0.02cvss epss 0.17

    Microsoft Exchange Server Spoofing Vulnerability

  • CVE-2021-42305Nov 10, 2021
    risk 0.02cvss epss 0.08

    Microsoft Exchange Server Spoofing Vulnerability

  • CVE-2021-27078Mar 2, 2021
    risk 0.02cvss epss 0.18

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-26412Mar 2, 2021
    risk 0.02cvss epss 0.30

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2019-0586Jan 8, 2019
    risk 0.02cvss epss 0.15

    A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2010-0025Apr 14, 2010
    risk 0.02cvss epss 0.21

    The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by…

  • CVE-2009-0099Feb 10, 2009
    risk 0.02cvss epss 0.26

    The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI…

  • CVE-2009-0098Feb 10, 2009
    risk 0.02cvss epss 0.25

    Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption…

  • CVE-2008-2247Jul 8, 2008
    risk 0.02cvss epss 0.25

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.

  • CVE-2008-2248Jul 8, 2008
    risk 0.02cvss epss 0.25

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.

  • CVE-2004-0203Nov 23, 2004
    risk 0.02cvss epss 0.21

    Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.

  • CVE-2004-0840Nov 3, 2004
    risk 0.02cvss epss 0.30

    The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a…

  • CVE-2002-0698Aug 12, 2002
    risk 0.02cvss epss 0.20

    Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.

  • CVE-2002-0054Mar 8, 2002
    risk 0.02cvss epss 0.22

    SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

  • CVE-2001-1319Jul 16, 2001
    risk 0.02cvss epss 0.29

    Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.

  • CVE-1999-0945Mar 12, 2001
    risk 0.02cvss epss 0.20

    Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

  • CVE-1999-0682Aug 6, 1999
    risk 0.02cvss epss 0.26

    Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

Page 6 of 12