Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Exchange / FAST Search Server code execution
Published:14.02.2013
Source:
SecurityVulns ID:12884
Type:remote
Threat Level:
8/10
Description:Code execution on Outlook Web Access document viewing / Advanced Filter Pack because of Oracle Outside In technology vulnerability.
Affected:MICROSOFT : Exchange 2007
 MICROSOFT : Exchange 2010
 MICROSOFT : FAST Search Server 2010
CVE:CVE-2013-0418 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.)
 CVE-2013-0393 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418.)
 CVE-2012-3217 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.)
 CVE-2012-3214 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
Files:Microsoft Security Bulletin MS13-012 - Critical Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
 Microsoft Security Bulletin MS13-013 - Important Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod