(MS14-075) Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
Severity: : High
CVE Kennungen: : CVE-2014-6319
Advisory Date: 10 de grudnia de 2014
DESCRIPTION
This security update resolves four privately reported vulnerabilities in Microsoft Exchange Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website, and then convince them to click the specially crafted URL.
INFORMATION EXPOSURE
AFFECTED SOFTWARE AND VERSION:
- Microsoft Exchange Server 2007 Service Pack 3
- Microsoft Exchange Server 2010 Service Pack 3
- Microsoft Exchange Server 2013 Service Pack 1
- Microsoft Exchange Server 2013 Cumulative Update 6