McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2009-05-05 19:30
Updated : 2017-08-17 01:30
NVD link : CVE-2009-1491
Mitre link : CVE-2009-1491
CVE.ORG link : CVE-2009-1491
JSON object : View
Products Affected
microsoft
- exchange_server
mcafee
- groupshield
CWE
CWE-20
Improper Input Validation