Vulnerabilities > Microsoft > Exchange Server > 2007
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-10 | CVE-2009-0099 | Improper Input Validation vulnerability in Microsoft Exchange Server 2000/2003/2007 The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | 5.0 |
| 2009-02-10 | CVE-2009-0098 | Resource Management Errors vulnerability in Microsoft Exchange Server 2000/2003/2007 Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." | 9.3 |
| 2008-07-08 | CVE-2008-2248 | Cross-Site Scripting vulnerability in Microsoft Exchange Server and Outlook web Access Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. | 4.3 |
| 2008-07-08 | CVE-2008-2247 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2003/2007 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. | 4.3 |
| 2007-05-08 | CVE-2007-0213 | Improper Input Validation vulnerability in Microsoft Exchange Server 2000/2003/2007 Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. | 10.0 |
| 2007-05-08 | CVE-2007-0039 | Null Pointer Dereference vulnerability in Microsoft Exchange Server 2000/2003/2007 The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. | 7.8 |