(MS12-080) Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)

  Severity: CRITICAL
  CVE Identifier: CVE-2012-4791
  Advisory Date: DEC 12, 2012

  DESCRIPTION

This patch addresses vulnerabilities in Microsoft Exchange Server, which could allow remote code execution on the transcoding service on the Exchange server via a specially crafted file using Outlook Web App (OWA).

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Exchange Server 2007 Service Pack 3
  • Microsoft Exchange Server 2010 Service Pack 1
  • Microsoft Exchange Server 2010 Service Pack 2