(MS12-058) Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)
Gravità: : Critico
CVE Identifier: CVE-2012-1768,CVE-2012-3110,CVE-2012-1766,CVE-2012-1767,CVE-2012-1769,CVE-2012-1770,CVE-2012-1771,CVE-2012-1772,CVE-2012-1773,CVE-2012-3106,CVE-2012-3107,CVE-2012-3108,CVE-2012-3109
Data notifica: 15 agosto 2012
Descrizione
This patch resolves several vulnerabilities that are present in the Microsoft Exchange Server WebReady Document View feature. Attackers who are looking to exploit this vulnerability may send a specially crafted file that can be viewed by a user using the Outlook Web Access in a browser. Microsoft recommends to disable WebReady Document View. Note that when the said view is disabled, users of Outlook Web Access are unable to preview contents of email attachments.
Soluzioni
Software e versione interessati:
- Microsoft Exchange Server 2007 Service Pack 3
- Microsoft Exchange Server 2010 Service Pack 1
- Microsoft Exchange Server 2010 Service Pack 2