CVE-2009-1491 Information

Description

McAfee GroupShield for Microsoft Exchange on Exchange Server 2000 and possibly other anti-virus or anti-spam products from McAfee or other vendors does not scan X- headers for malicious content which allows remote attackers to bypass virus detection via a crafted message as demonstrated by a message with an X-Testing header and no message body.

Reference

http://www.nmrc.org/~thegnome/blog/apr09/ https://exchange.xforce.ibmcloud.com/vulnerabilities/50354