Microsoft Exchange Server Oracle Outside In Contains Multiple Exploitable Vulnerabilities

Last Update Date: 14 Aug 2013 15:44 Release Date: 14 Aug 2013 3848 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Database Servers

TYPE: Database Servers

Two of the three vulnerabilities addressed in this bulletin, CVE-2013-2393 and CVE-2013-3776, exist in Exchange Server 2007, Exchange Server 2010, and Exchange Server 2013 through the WebReady Document Viewing feature. The vulnerabilities could allow remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser. An attacker who successfully exploited this vulnerability could run code on the affected Exchange Server, but only as the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.

 

The third vulnerability, CVE-2013-3781, exists in Exchange Server 2013 through the Data Loss Protection (DLP) feature. This vulnerability could cause the affected Exchange Server to become unresponsive if a user views a specially crafted file through Outlook Web Access in a browser.

Impact

  • Denial of Service

System / Technologies affected

  • Microsoft Exchange Server 2007
  • Microsoft Exchange Server 2010
  • Microsoft Exchange Server 2013

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows Uniscribe Font Parsing Engine Memory Corruption Vulnerability

14 Aug 2013 3806 Views

Next

Microsoft Windows Remote Procedure Call Vulnerability

14 Aug 2013 3802 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY