Microsoft Exchange Server Multiple Vulnerabilities

Last Update Date: 14 Feb 2013 17:18 Release Date: 14 Feb 2013 4440 Views

RISK: High Risk

High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Two vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. The more severe vulnerability, CVE-2013-0418, could allow remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited this vulnerability could run code on the affected Exchange Server, but only as the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. The other vulnerability, CVE-2013-0393, could cause the affected Exchange Server to become unresponsive if a user views a specially crafted file through Outlook Web Access in a browser. Note that CVE-2013-0393 would not allow an attacker to execute code or to elevate user rights.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Exchange Server 2007
  • Microsoft Exchange Server 2010

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows OLE Automation Remote Code Execution Vulnerability

14 Feb 2013 4066 Views

Next

Microsoft Windows Media Decompression Vulnerability

14 Feb 2013 4486 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY