CVE-2009-1491

critical

Trellix

CVSS v3 Base Score

9.3

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Score

0.2%

Exploitation probability in 30 days

Top 52% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Published: May 5, 2009 (6218 days ago)

Last Modified: April 23, 2026

Vendor: Trellix

Source: NVD

Description

McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.

CWE

CWE-20

Affected Products

mcafee groupshield

References

🔗 www.nmrc.org 🔗 exchange.xforce.ibmcloud.com 🔗 www.nmrc.org 🔗 exchange.xforce.ibmcloud.com

CVE-2009-1491

Vulnerability Report

Description

CWE

Affected Products

References