Two vulnerabilities have been identified in Microsoft Exchange Server, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system.

The first issue is caused by a memory corruption error when decoding the Transport Neutral Encapsulation Format (TNEF) data for a message, which could allow remote attackers to execute arbitrary code by sending a malicious message through a vulnerable server.

The second vulnerability is caused by an error in the EMSMDB2 (Electronic Messaging System Microsoft Data Base, 32 bit build) provider when handling invalid MAPI commands, which could be exploited to cause a denial of service by sending a specially crafted MAPI command to a vulnerable application.

Affected Products

Microsoft Exchange 2000 Server Service Pack 3 (Update Rollup / August 2004)
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007 Service Pack 1

Solution

Apply patch :
http://www.microsoft.com/technet/security/Bulletin/MS09-003.mspx

References

http://www.vupen.com/english/advisories/2009/0390
http://www.microsoft.com/technet/security/Bulletin/MS09-003.mspx

In-depth Binary Analysis

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Private Exploit or PoC

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Credits

Vulnerabilities reported by the vendor and Bogdan Materna (VoIPshield Systems).

Changelog

2009-02-10 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.