Test ID:	1.3.6.1.4.1.25623.1.0.805146
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Exchange Server Privilege Escalation Vulnerability (3040856)
Summary:	This host is missing an important security; update according to Microsoft Bulletin MS15-026.
Description:	Summary: This host is missing an important security update according to Microsoft Bulletin MS15-026. Vulnerability Insight: Multiple flaws are due to an improper validation of user supplied input before returning it to users, - /owa/ script to the 'X-OWA-Canary' cookie value, when 'ae' is set to 'Item' and 't' is set to 'AD.RecipientType.User'. - errorfe.aspx script to the 'msgParam' parameter. - when handling server audit reports and other inputs. Vulnerability Impact: Successful exploitation will allow remote attacker execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: - Microsoft Exchange Server 2013 Service Pack 1 - Microsoft Exchange Server 2013 Cumulative Update 7 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1628 Microsoft Security Bulletin: MS15-026 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026 http://www.securitytracker.com/id/1031900 Common Vulnerability Exposure (CVE) ID: CVE-2015-1629 Common Vulnerability Exposure (CVE) ID: CVE-2015-1630 Common Vulnerability Exposure (CVE) ID: CVE-2015-1631 Common Vulnerability Exposure (CVE) ID: CVE-2015-1632
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.