Windows : Microsoft Bulletins : Microsoft Exchange Server Remote Code Execution Vulnerabilities (2809279)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902948

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Exchange Server Remote Code Execution Vulnerabilities (2809279)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS13-012.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS13-012.

Vulnerability Insight:
Flaws are in Microsoft Exchange Server WebReady Document Viewing and will
allow remote code execution in the security context of the transcoding service
on the Exchange server if a user previews a specially crafted file using
Outlook Web App (OWA)

Vulnerability Impact:
Successful exploitation could allow an attacker to cause a denial of service
condition or run arbitrary code as LocalService on the affected Exchange
server.

Affected Software/OS:
- Microsoft Exchange Server 2007 Service Pack 3

- Microsoft Exchange Server 2010 Service Pack 2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0393
Cert/CC Advisory: TA13-043B
http://www.us-cert.gov/cas/techalerts/TA13-043B.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Microsoft Security Bulletin: MS13-012
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16202
Common Vulnerability Exposure (CVE) ID: CVE-2013-0418
Bugtraq: 20130117 Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2013-01/0073.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16251

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902948
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Exchange Server Remote Code Execution Vulnerabilities (2809279)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS13-012.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS13-012. Vulnerability Insight: Flaws are in Microsoft Exchange Server WebReady Document Viewing and will allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA) Vulnerability Impact: Successful exploitation could allow an attacker to cause a denial of service condition or run arbitrary code as LocalService on the affected Exchange server. Affected Software/OS: - Microsoft Exchange Server 2007 Service Pack 3 - Microsoft Exchange Server 2010 Service Pack 2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0393 Cert/CC Advisory: TA13-043B http://www.us-cert.gov/cas/techalerts/TA13-043B.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 Microsoft Security Bulletin: MS13-012 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16202 Common Vulnerability Exposure (CVE) ID: CVE-2013-0418 Bugtraq: 20130117 Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-01/0073.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16251
Copyright	Copyright (C) 2013 Greenbone AG