Microsoft has published the security bulletins MS009-02, MS009-03, M009-04 and MS009-05, which refer to 8 vulnerabilities. 3 are critical and 2 of them affect the Internet Explorer browser again. These 2 vulnerabilities could allow remote code execution if users visit a specially crafted website. The other critical vulnerability affects the versions 2000 Service Pack 3, 2003 Service Pack 2 y 2007 Service Pack 1 of Microsoft Exchange Server and allows remote code execution by sending a specially modified email message.
The other 5 have been rated as important by Microsoft, one of them also affects Microsoft Exchange Server 2003 Service Pack 2 and Microsoft Exchange 2007 Service Pack. If exploited successfully, it causes a denial of service in the target server when a specially modified MAPI command is sent to the server.
The other vulnerability affects several versions of Microsoft SQL Server, which can be exploited through the stored procedure called sp_replwritetovarbin. This vulnerability can be also exploited through websites vulnerable to SQL Injection attacks. The 3 other vulnerabilities affect Microsoft Visio, which allow a malicious user to execute remote code if a specially crafted Visio file is created.
You can obtain more information about these vulnerabilities in the following links:
MS09-002 - MS09-003 - MS09-004 - MS09-005