Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Exchange Server vulnerability could allow remote code execution


Report ID: MS201308003
Date Published: 14 August 2013

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013




Summary

Three vulnerabilities were reported in Microsoft Exchange Server, two of which could lead to remote code execution while the other one could cause the server to become unresponsive.



Detailed Description

Microsoft has released a security update to address three reported vulnerabilities in the Microsoft Exchange Server. The vulnerabilities exist when the Oracle OutsideIn libraries parse specially crafted files. Upon successful exploitation, two of them could allow an attacker to execute code on the affected system, while the other one could cause the server to become unresponsive.

All of the vulnerabilities have been patched through the latest update, which updated the affected Oracle OutsideIn libraries to a non-vulnerable version. Users are recommended to install the latest update onto their system as a protection measure against potential exploit attempts.



CVE Reference

CVE-2013-2393, 2013-3776, 2013-3781



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-061)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.