Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Microsoft Exchange Server Vulnerability

(MS09-003; CVE-2009-0098)
Microsoft Exchange is the world’s leading corporate email platform. Microsoft Exchange does not properly decode messages in TNEF format, which is used by the Exchange Server when sending messages formatted in Rich Text Format (RTF).  Remote attackers may exploit this vulnerability via a specially crafted TNEF message. A user opening or previewing the maliciously-crafted message will trigger the vulnerability. The attacker may then be able to take complete control of the Exchange Server.  

For more information, see CPAI-2009-010.